Lucene search
K

393 matches found

Snyk
Snyk
added 2025/10/29 10:49 p.m.1 views

Malicious Package

Overview @aio-commerce-sdk/config-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/29 10:49 p.m.2 views

EUVD-2025-36802

Malicious code in @aio-commerce-sdk/config-typedoc npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/29 10:49 p.m.2 views

EUVD-2025-36801

Malicious code in @aio-commerce-sdk/config-typescript npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/29 10:49 p.m.2 views

EUVD-2025-36800

Malicious code in @aio-commerce-sdk/config-vitest npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/29 10:49 p.m.2 views

EUVD-2025-36803

Malicious code in @aio-commerce-sdk/config-tsdown npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:49 p.m.5 views

Malicious code in @aio-commerce-sdk/config-typedoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7115c3c8e9d8049f239251eeaf99504698b6eea04f36d5490dedff17b173f77b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:49 p.m.4 views

Malicious code in @aio-commerce-sdk/config-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 952a468e9821b0b8238bc9a6e6c0f9ee4964fca63e82403ed880279141fb5088 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:49 p.m.4 views

Malicious code in @aio-commerce-sdk/config-tsdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0ae61acddeafb85596fd6c4a2c12309826d57b53250d789af0b1145bc8a2c3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/29 10:49 p.m.1 views

MAL-2025-48957 Malicious code in @aio-commerce-sdk/config-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85b2c7fad2af3e611f7fe4d8399529e1b897e4ca8838e1a5db0a2c61acb4d998 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/29 10:49 p.m.2 views

MAL-2025-48956 Malicious code in @aio-commerce-sdk/config-typedoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7115c3c8e9d8049f239251eeaf99504698b6eea04f36d5490dedff17b173f77b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/29 10:49 p.m.2 views

MAL-2025-48958 Malicious code in @aio-commerce-sdk/config-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 952a468e9821b0b8238bc9a6e6c0f9ee4964fca63e82403ed880279141fb5088 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/25 8:29 a.m.12 views

CVE-2025-11889

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS6.6AI score0.00599EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/25 12:0 a.m.7 views

WordPress plugin AIO Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

7.2CVSS7.6AI score0.00599EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/24 8:24 a.m.4 views

CVE-2025-11889 AIO Forms <= 1.3.15 - Authenticated (Admin+) Arbitrary File Upload via Zip Import

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS6.9AI score0.00599EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/24 8:24 a.m.10 views

CVE-2025-11889 AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS0.00599EPSS
Exploits0References3
CVE
CVE
added 2025/10/24 8:24 a.m.21 views

CVE-2025-11889

CVE-2025-11889 : WordPress plugin AIO Forms – Craft Complex Forms Easily is vulnerable to authenticated arbitrary file upload via the Zip Import feature due to missing file type validation in versions up to and including 1.3.15 . The flaw allows users with Administrator-level access and above to ...

7.2CVSS6.6AI score0.00599EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.15 views

PT-2025-43595

Name of the Vulnerable Software and Affected Versions AIO Forms – Craft Complex Forms Easily plugin for WordPress versions through 1.3.15 Description The AIO Forms – Craft Complex Forms Easily plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation...

7.2CVSS7.7AI score0.00599EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/10/23 10:46 p.m.10 views

WordPress AIO Forms plugin <= 1.3.18 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin AIO Forms versions = 1.3.18...

7.2CVSS6.8AI score0.00599EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/22 9:24 a.m.3 views

CVE-2025-6833 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

4.3CVSS5.3AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0917

Malware in sbrugna...

2.1CVSS6.3AI score0.00724EPSS
Exploits0References6
Rows per page
Query Builder