CVE-2025-12752 Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

PT-2025-47825

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

EUVD-2025-198122

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

EUVD-2025-104496

Malicious code in instantplatypusz3n npm...

EUVD-2025-74530

Malicious code in instantcarpblue-56 npm...

Malicious code in instant_crab-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe43f6f99c75dbbdd7cf647e93dff065b56426261f7f073e77056094710776 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in instant_silkworm-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d42c57043398db9042f7058eb8d443a92771c50ae3d01ecae2279dc313037878 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-76544

Malicious code in instantsilkworm-silentdev npm...

EUVD-2025-79004

Malicious code in instantporcupinez3n npm...

EUVD-2025-79003

Malicious code in instantrodentz3n npm...

EUVD-2025-81538

Malicious code in instantskunkreplicateautomation npm...

EUVD-2025-81539

Malicious code in instantdolphin0xrequest npm...

MAL-2025-104254 Malicious code in instant_starfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30db18bc037b3204d8133244021ed114539e9def98a2e90ddfd82bdc4e334f78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-63506

Malicious code in instantsilkwormz3n npm...

Malicious code in instant_crane_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8431aa9987b510930a8d2a90cba24bba29c042cb30b39ed4d0af98581f79e02e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-5343

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

CVE-2025-5343

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

CVE-2025-5343

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

CVE-2025-5343 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

CVE-2025-5343

CVE-2025-5343 concerns ManageEngine Exchange Reporter Plus, affected up to version 5721. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the Instant Search feature, allowing an attacker to inject scripts that are stored on the server and executed when other users access the affec...