AlmaLinux 9 : nginx:1.24 (ALSA-2026:6923)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6923 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

CVE-2019-11617

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification...

CVE-2025-12958

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankologycodeblock' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...

CVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

CVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

Malicious code in cosmology-geodynamo-blaze-perturbation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ba766eb5f32777db3374986c46fd236e4668d7897069846749971a67037b8c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183278 Malicious code in kisut-diug-danugamicffoa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39d47cdd2474e71ab3f21729fab333fb2161e774dc9e3b27786de0fcad9175b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in riyanto-poke84 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2da32924d8eccffe5de6f6d26e5c9f9f746f0ba606ca9957f5dc95f0c42c538 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-blitz-gatsby-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30494edd46176223c947540db528ceecf7879aa472f791139f7645ad492e282b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-134449 Malicious code in isolated_dinosaur_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1164fd97ffca01c0ad315eed47fcd56cbb7ae79337a30fdea4b958f27e90a8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-89682 Malicious code in putri-kupang55-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 881a509638e009409da7ac1300631b76499b8c0304bf0976d5338f56f4520a0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2019-2657

Malware in sbrugna...

EUVD-2020-6148

Malware in sbrugna...

EUVD-2024-25349

Malicious code in bioql PyPI...

EUVD-2022-34390

Malicious code in bioql PyPI...

EUVD-2022-26396

Malicious code in bioql PyPI...

EUVD-2025-27053

Malicious code in bioql PyPI...

CVE-2025-48809

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...

Windows Kernel Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...

CVE-2022-50132

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'privep' assignment in cdns3gadgetepdequeue, cdns3gadgetepenable If 'ep' is NULL, result of eptocdns3epep is invalid pointer and its dereference with privep-cdns3dev may cause panic. Found by Linux...