Mozilla Firefox ESR < 60.2

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-21 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...

WordPress Meta Display Block plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Meta Display Block versions = 1.0.0...

EUVD-2025-150406

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...

CVE-2025-12536 SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...

CVE-2025-12536

CVE-2025-12536 affects WordPress SureForms plugin up to version 1.13.1. The issue is missing authorization on the _srfm_email_notification post meta, where the auth_callback was set to __return_true, allowing unauthenticated access to sensitive metadata (e.g., email notification configurations, C...

EUVD-2025-179155

Malicious code in emulate-throw-root-meta-file npm...

EUVD-2025-177049

Malicious code in private-easy-string-decrypt-meta npm...

EUVD-2025-178381

Malicious code in integer-omega-virtualize-star-meta npm...

EUVD-2025-180435

Malicious code in analyze-meta-error-chi-serialize npm...

EUVD-2025-176234

Malicious code in stack-theta-meta-index-web npm...

EUVD-2025-179917

Malicious code in cache-meta-root-try-key npm...

Malicious code in theta-validate-meta-air-cat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21d3e186b062df4165b4ff6124f4467a91df506dc840e45e44a67191212c48ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xml-sigma-meta-daemon-delta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9814f634f331ea15ee456dadfc2e7f1468d32fd0e4eb9ef64568b3b1466cec6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176172

Malicious code in stub-encode-object-meta-info npm...

EUVD-2025-175985

Malicious code in test-sudo-notify-meta-orchestrate npm...

EUVD-2025-175959

Malicious code in theta-validate-meta-air-cat npm...

EUVD-2025-175953

Malicious code in thread-simulate-meta-small-cat npm...

EUVD-2025-177759

Malicious code in moon-unix-meta-process-kernel npm...

EUVD-2025-177013

Malicious code in promise-meta-node-orchestrate-proxy npm...

EUVD-2025-176948

Malicious code in proxy-meta-pi-theta-bad npm...