137 matches found
WordPress AuthorSure plugin cross-site request forgery vulnerability
WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...
CVE-2025-11815
CVE-2025-11815 documents a vulnerability in the UiPress lite plugin for WordPress (versions
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
EUVD-2025-198156
The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...
CVE-2025-63218
The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...
PT-2025-47469
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
CVE-2025-63218
The CVE-2025-63218 vulnerability affects Axel Technology WOLF1MS and WOLF2MS devices (firmware 0.8.5–1.0.3). It is caused by Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, enabling unauthenticated remote attackers to list user accounts, create administr...
CVE-2025-12827 Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
MAL-2025-171130 Malicious code in eclipsevoyager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52b4b3d9ec4d7c1c71ad0be245964e791f240e70c5261917c23079404905f18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-97288 Malicious code in voiceless_anteater_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75c172b46b5bafd38507205cc832fa01576714309e541b8d251021814043cfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91830 Malicious code in vida-oncom67-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d720024b93675caf04f19359b63959577449b10e143dc56295ba3213a31da71b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79933 Malicious code in mathematical_guineafowl_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa49d0ff38621df0c38fa5d315fb49a2b82ce4a7ca875326eb2816edb4fa18d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-74419 Malicious code in maya-rangi92-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19570e326c5e5cdcff659a889c94f642c385daa741ed6a8deef6bd85ff6417bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in agus-kupat60-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20989340191a9d9666afc5988620791ac84dcb34784793110ecdb38c733802fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2020-30803
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attacker...
EUVD-2021-11237
Malware in sbrugna...
EUVD-2019-18381
Malware in sbrugna...
EUVD-2021-11930
Malware in sbrugna...
EUVD-2021-8054
Malicious code in bioql PyPI...
EUVD-2025-24812
Malicious code in bioql PyPI...