1234 matches found
CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
WordPress plugin Construction Light 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library
The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...
AZL-70850 CVE-2025-65018 affecting package fltk 1.3.8-1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing...
EUVD-2025-117267
Malicious code in light-amber-eel npm...
MAL-2025-138835 Malicious code in light-amber-eel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c95233b8c518f92b155ea0056d0b872fbece596329cb8f1af94691d20ed9cd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-104225
Malicious code in lightclownfishz3n npm...
MAL-2025-128180 Malicious code in light_clownfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82e53b8ae19519928b5a837a004367ed305cc815ba2e5b930fbac535bb956b44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-96848
Malicious code in lightferretz3n npm...
EUVD-2025-77581
Malicious code in lightbandicootolive-46 npm...
EUVD-2025-78901
Malicious code in lighttigerz3n npm...
EUVD-2025-81382
Malicious code in lightgalliform0xrequest npm...
EUVD-2025-71499
Malicious code in lightcatsharkz3n npm...
EUVD-2025-63308
Malicious code in lightlizardz3n npm...
Malicious code in light_ape_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79742656839181f4a70422b0810bb556d61086ab17a0042dd1ae81bc39dc2da1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-53504
Malicious code in light-fuchsia-possum npm...
EUVD-2025-53505
Malicious code in light-coffee-lizard npm...
EUVD-2025-53503
Malicious code in light-silver-crane npm...
EUVD-2025-49913
Malicious code in lightreptilez3n npm...
Light & Wonder Deck Mate 安全漏洞
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a lack of secure boot chain validation and runtime integrity validation, which could allow a physically accessible attacker to modify or...