MAL-2025-41352 Malicious code in @mz-codes/const (npm)

The package communicates with a domain associated with malicious activity...

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication 2FA codes, and credit card details under certain conditions. The technique has been dubbed Documen...

CVE-2025-30975

Improper Control of Generation of Code 'Code Injection' vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-30975 WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-30975

CVE-2025-30975 affects the WordPress plugin Add Custom Codes (versions up to 4.80). The issue is described as Improper Control of Generation of Code (Code Injection) allowing Remote Code Execution for authenticated users (Contributor+). Documents confirm the vulnerability is still unpatched (Patc...

CVE-2025-30975 WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through = 4.80...

PT-2025-33908 · Unknown · Saifumak Add Custom Codes

Name of the Vulnerable Software and Affected Versions: SaifuMak Add Custom Codes versions through 4.80 Description: An improper control of generation of code 'Code Injection' issue exists in SaifuMak Add Custom Codes, allowing code injection. Recommendations: At the moment, there is no informatio...

WordPress plugin Add Custom Codes 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

Medium: gstreamer1-plugins-base

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gstssaparseremoveoverridecodes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA SubStation Alpha style...

How to spot the latest fake Gmail security alerts

Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...

Linux Distros Unpatched Vulnerability : CVE-2019-7629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in the stripvt102codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending ...

OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...

@alancastro06/coolsolelog (=22.14.0), albot (>=0.1.0 <=0.14.1) +43 more potentially affected by unknown CVE via ansi-codes (>=0.0.0 <=2.0.0)

ansi-codes NPM version =0.0.0, =0.1.0, =0.0.10, =7.1.0, =0.0.8, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =1.0.0, =0.0.1, =0.0.0, =0.0.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-14554...

Malicious code in free-xbox-codes-app001 (npm)

The package free-xbox-codes-app001 was found to contain malicious code...

Malicious code in free-codes-fortnite-2023-for-free-updated-tricks (npm)

The package free-codes-fortnite-2023-for-free-updated-tricks was found to contain malicious code...

MAL-2025-23883 Malicious code in jp_postal_codes (npm)

The package jppostalcodes was found to contain malicious code...

MAL-2025-7036 Malicious code in 901free-xbox-ea-access-codes (npm)

The package 901free-xbox-ea-access-codes was found to contain malicious code...

MAL-2025-20933 Malicious code in free-codes-fortnite-2023-for-free-updated-tricks (npm)

The package free-codes-fortnite-2023-for-free-updated-tricks was found to contain malicious code...

Malicious code in paypal-codes-generator071 (npm)

The package paypal-codes-generator071 was found to contain malicious code...