
28676 matches found

Vulnrichment
added 2025/11/11 3:30 a.m., 3 views

CVE-2025-12126 The Total Book Project <= 1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Book Manipulation

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00173
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/11/11 2:29 a.m., 1 views

Malicious code in yuni-gulai29-breki (npm)

Source: amazon-inspector eed7d13f55933f2779f879ea8e8f54f884eae5cf00d80cf745dbb6634d925a49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

Patchstack
added 2025/11/11 12:43 a.m., 5 views

WordPress The Total Book Project plugin <= 1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Book Manipulation vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Book Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin The Total Book Project versions <= 1.0...

CVSS 5.4 | AI score 6.8 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 1

OSSF Malicious Packages
added 2025/11/11 12:41 a.m., 2 views

Malicious code in increased-olive-cockroach (npm)

Source: amazon-inspector 9394fea9f851588f25f3695d77d0aba3dcb8ce1b0b8d0e60e055e1f8538f28b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/11 12:41 a.m., 1 views

MAL-2025-69061 Malicious code in large-fuchsia-wasp (npm)

Source: amazon-inspector 0d1062a47ed1f2271a0fdb57d02fb2c0e5cfaf128936e54cda914bcb6a251405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 12:17 a.m., 3 views

Malicious code in tomi-mendut45-sluey (npm)

Source: amazon-inspector 1b1e76cf7cf4506abecc4453f731ce2139ca314e3ad18dec9e128f7675248b61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

EUVD
added 2025/11/11 12:17 a.m., 1 views

EUVD-2025-56945

Malicious code in tuti-nasisayur99-sluey (npm)...

AI score 6.6
Exploits: 0

OSV
added 2025/11/11 12:17 a.m., 1 views

MAL-2025-64703 Malicious code in oktafian-gepuk80-sluey (npm)

Source: amazon-inspector 7bdbcb845bb5a80065804364342b7ab922887fd527b872c8aba40bd8a1ddbc2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

CNNVD
added 2025/11/11 12:0 a.m., 4 views

WordPress plugin The Total Book Project security vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4 | AI score 6.6 | EPSS 0.00173
Exploits: 0 | References: 2

CNNVD
added 2025/11/11 12:0 a.m., 2 views

FairSketch Rise Ultimate Project Manager and CRM cross-site scripting vulnerability

FairSketch Rise Ultimate Project Manager and CRM is a team management and customer relationship management system from FairSketch. A cross-site scripting vulnerability exists in FairSketch Rise Ultimate Project Manager and CRM version 3.8.1, which stems from insufficient validation of user input...

CVSS 5.4 | AI score 6.2 | EPSS 0.00138
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m., 2 views

PT-2025-46529

Name of the Vulnerable Software and Affected Versions: Lite XL versions 2.1.8 and prior. Description: Lite XL is a lightweight, cross-platform text editor written in Lua and C, designed for extensibility via plugins and project-specific modules. The application executes project-level Lua modules and...

CVSS 7.3 | AI score 7.4 | EPSS 0.00334
Exploits: 1 | References: 14

Positive Technologies
added 2025/11/11 12:0 a.m., 3 views

PT-2025-46528

Name of the Vulnerable Software and Affected Versions: Lite XL versions prior to 2.1.9. Description: Lite XL automatically executes the .lite_project.lua file when opening a project directory without user confirmation. This file is designed for project configuration but can contain executable Lua...

AI score 7.6 | EPSS 0.00319
Exploits: 1 | References: 6

CERT
added 2025/11/11 12:0 a.m., 5 views

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview: Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description: Two vulnerabilities were identified in Lite XL: CVE-2025-121...

CVSS 7.3 | AI score 8.2 | EPSS 0.00334
Exploits: 2 | References: 4

CVE
added 2025/11/10 9:51 p.m., 13 views

CVE-2025-64504

Langfuse vulnerability CVE-2025-64504 affects 2.70.0–2.95.10 and 3.0.0–3.124.0. The issue stems from the server trusting a user‑controlled orgId in project membership APIs, allowing any authenticated user on the same instance to enumerate member names and email addresses from other organizations ...

CVSS 5 | AI score 6.4 | EPSS 0.00291
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 2025/11/10 9:30 p.m., 3 views

EUVD-2025-50782

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data...

AI score 6.5 | EPSS 0.00243
Exploits: 1 | References: 3

OSSF Malicious Packages
added 2025/11/10 6:2 p.m., 3 views

Malicious code in legislative_tiglon_z3n (npm)

Source: amazon-inspector fb9b3026fd21555a1d30b2ec705ca30368bee7f3c08f751d587a2e7d19b8ba3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/10 6:2 p.m., 1 views

MAL-2025-61471 Malicious code in thoughtful_vicuna_z3n (npm)

Source: amazon-inspector 8e3265ba9d89dea383b18462301f595c36ca4f0df8f288c61d3c088715d94644 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

RustSec
added 2025/11/10 12:0 p.m., 6 views

tandem is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

AI score 7
Exploits: 0

OSV
added 2025/11/10 12:0 p.m., 3 views

RUSTSEC-2025-0115 tandem_http_server is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

AI score 6.9
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/10 5:22 a.m., 4 views

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVSS 8.3 | AI score 6.4 | EPSS 0.00232
Exploits: 0 | References: 1