WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hot Coffee versions = 1.7...

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

CVE-2025-68538

CVE-2025-68538 affects ThemeGoods Craft craftcoffee (WordPress Theme Craft) with a DOM-Based XSS in the web page generation path due to improper input neutralization. Affected versions are

PT-2026-4081

Name of the Vulnerable Software and Affected Versions Craft versions prior to 2.3.7 Description A flaw exists in Craft that allows for DOM-Based Cross-site Scripting XSS. This issue occurs due to improper neutralization of input during web page generation. The vulnerability could potentially allo...

WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Craft versions = 2.3.6...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7...

Intel® Smart Sound Technology Advisory

Summary: A potential security vulnerability in Intel® Smart Sound Technology may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0583 Description: Improper access control in the subsystem for Intel...

ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)

org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....

EUVD-2025-147858

Malicious code in tehah-coffee-brew npm...

EUVD-2025-120023

Malicious code in favourite-coffee-stork npm...

Malicious code in favourite-coffee-stork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b9ca0e2b4bc589d1779f36ab439cb7a963d9e4ffdccc1e2402235e183ddd9f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120003

Malicious code in zoophagous-coffee-gull npm...

EUVD-2025-116991

Malicious code in well-coffee-goose npm...

EUVD-2025-117479

Malicious code in common-coffee-loon npm...

EUVD-2025-117217

Malicious code in nasty-coffee-lemming npm...

EUVD-2025-117489

Malicious code in clumsy-coffee-roadrunner npm...

EUVD-2025-117356

Malicious code in furious-coffee-weasel npm...

Malicious code in clumsy-coffee-roadrunner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97bff92247a9e6cb083fc07fcfdedf3b1a9ca205d45cc4370d9a15f7c874727d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117327

Malicious code in historical-coffee-quelea npm...