Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191119 Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

MAL-2025-191769 Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-198815

Malicious code in zapier-scripts npm...

Malicious code in zapier-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba8a867b632a8d6da937fdbfc075adef06017c7ab8a6b17924da7ac6d13470 The package zapier-scripts was found to contain malicious code. Source: ghsa-malware a7ff5378c64d4e7f1b2a7f36f2ed69279219f697dd2cff8098a4de7e70f34ff0...

MAL-2025-190861 Malicious code in zapier-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba8a867b632a8d6da937fdbfc075adef06017c7ab8a6b17924da7ac6d13470 The package zapier-scripts was found to contain malicious code. Source: ghsa-malware a7ff5378c64d4e7f1b2a7f36f2ed69279219f697dd2cff8098a4de7e70f34ff0...

CVE-2025-41087

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

EUVD-2025-198629

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

Redis: Redis is vulnerable to DoS via specially crafted LUA scripts

A vulnerability was found in Redis where an authenticated user to run a crafted Lua script that can read out‑of‑bounds memory or crash the server, leading to information disclosure and denial of service...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

PT-2025-47899

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

SQL-INJECTION

SQL-INJECTION SQL Injection SQLi Demonstration Pro...

CVE-2025-13134

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

MGASA-2025-0307 Updated redis packages fix security vulnerabilities

A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...

EUVD-2025-198408

The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiaiimg shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13134

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

CVE-2025-12661

The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2025-12660

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...