MAL-2025-177791 Malicious code in polymer-arash-mildelio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cecf88ddd0c35b8269d1e04d0efa49702aed81c76d22f746b26e528621efe2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polymer-arash-treua (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6a1a87de45ea49a0fd003fa7a843679fd1f49c85d258d1a5e03978be373ee4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-138436

Malicious code in polymer-arash-millio npm...

EUVD-2025-138438

Malicious code in polymer-arash-milddelio npm...

EUVD-2025-138437

Malicious code in polymer-arash-mildelio npm...

EUVD-2025-138435

Malicious code in polymer-arash-treua npm...

EUVD-2025-138439

Malicious code in polymer-arash-erddg npm...

EUVD-2025-138434

Malicious code in polymer-arash-verst npm...

Malicious code in polymer-arash-erddg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b437e88376d79809879ef3d451393ecf6068efbd22ec1ce772272dd11217997 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-177789 Malicious code in polymer-arash-erddg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b437e88376d79809879ef3d451393ecf6068efbd22ec1ce772272dd11217997 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2024-45676

Malicious code in bioql PyPI...

CVE-2024-51879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arash Heidari Text Advertisements text-advertisements allows Stored XSS.This issue affects Text Advertisements: from n/a through = 2.1...

CVE-2024-51879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arash Heidari Text Advertisements text-advertisements allows Stored XSS.This issue affects Text Advertisements: from n/a through = 2.1...

CVE-2024-51879

CVE-2024-51879 is a Stored XSS in the WordPress Text Advertisements plugin by Arash Heidari, affecting versions n/a through 2.1. The vulnerability arises from improper input neutralization during web page generation. CVSS 3.1 base score 6.5 (Medium); exploitation status not indicated in the provi...

CVE-2024-51879 WordPress Text Advertisements plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arash Heidari Text Advertisements text-advertisements allows Stored XSS.This issue affects Text Advertisements: from n/a through = 2.1...

PT-2024-35009 · Unknown · Arash Heidari Text Advertisements

Name of the Vulnerable Software and Affected Versions: Arash Heidari Text Advertisements versions n/a through 2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

WordPress Thumbnail carousel slider plugin <= 1.0 - Authenticated Shell Upload and Cross-Site Request Forgery (CSRF) vulnerabilities

Authenticated Shell Upload and Cross-Site Request Forgery CSRF vulnerabilities found by Arash Khazaei in WordPress Thumbnail carousel slider plugin versions = 1.0. Solution Update the WordPress Thumbnail carousel slider plugin to the latest available version at least 1.0.1...

Zapya Desktop 1.803 - &#039;ZapyaService.exe&#039; Local Privilege Escalation

Exploit Title: Zapya Desktop Version 'ZapyaService.exe' Privilege Escalation Date: 2016/9/12 Exploit Author: Arash Khazaei Vendor Homepage: http://www.izapya.com/ Software Link: http://binaries.izapya.com/Izapya/WindowsPC/ZapyaSetup1803en.exe Version: 1.803 Latest Tested on: Windows 7 Professiona...

WordPress Gallery Master 1.0.22 Cross Site Scripting

Exploit : For Exploiting This Vulnerability Install Testimonial Slider Plugin Then Create New SGallery In Gallery Title Input And Gallery Description Place Your JavaScript Code After Creating Gallery JavaScript Code Will Be Executed . Plugin Is Accessable By Authors , Administartors , Editors...

WordPress Easy Media Gallery 1.3.47 Cross Site Scripting

Exploit : For Exploiting This Vulnerability Install Easy Media Gallery Plugin Then Create New Media In Media Title Input : "/alert'Exploit' Then In Media Subtitle Like Media Title Input : "/alert'Exploit1' After Creating New JavaScript Code Will Be Executed . Video Poc : http://youtu.be/5nMQUgP6n...