3242 matches found

NVD
added 2025/12/05 6:16 a.m., 1 views

CVE-2025-13621

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 6.1, EPSS 0.00015
Exploits: 0, References: 5

CVE
added 2025/12/05 4:29 a.m., 5 views

CVE-2025-13362

CVE-2025-13362 describes a CSRF vulnerability in the Norby AI WordPress plugin (versions up to and including 1.0.3) caused by missing nonce validation on the settings update function. This could allow unauthenticated attackers to trigger admin actions and inject malicious scripts via forged reque...

CVSS 4.3, AI score 5.1, EPSS 0.00011
Exploits: 0, References: 3

CNVD
added 2025/11/25 12:00 a.m., 1 views

WordPress AuthorSure plugin cross-site request forgery vulnerability

WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...

CVSS 6.1, AI score 6.8, EPSS 0.00012
Exploits: 0, References: 1

NVD
added 2025/11/24 12:15 p.m., 1 views

CVE-2025-41087

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS 5.1, EPSS 0.00054
Exploits: 0, References: 1

Positive Technologies
added 2025/11/24 12:00 a.m., 2 views

PT-2025-47899

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS 5.1, AI score 5.8, EPSS 0.00054
Exploits: 0, References: 2

ICS
added 2025/11/20 7:00 a.m., 5 views

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

AI score 7
Exploits: 0, References: 13

EUVD
added 2025/11/17 6:30 p.m., 1 views

EUVD-2025-197808

Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...

CVSS 6.1, AI score 5.7, EPSS 0.00047
Exploits: 1, References: 3

Positive Technologies
added 2025/11/17 12:00 a.m., 3 views

PT-2025-47180

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software is susceptible to a cross-site scripting issue due to improper input neutralization during web page generation. This allows for the injection of malicious scripts into web pages...

CVSS 4.8, AI score 6.2, EPSS 0.00022
Exploits: 0, References: 4

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in io-cordelia-meteor-filament (npm)

Source: amazon-inspector (37bb443e8b535dc59175b1ef8d7eb72d284f31f0b56ff72943312cddcb025736). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in native-galaxy-antares-global (npm)

Source: amazon-inspector (11b8bcfdfe7849b90d3c380667f517122a332cc8b4bb07a54ce638d98f18e1f7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 7:18 p.m., 2 views

Malicious code in kapvino-socvni-famabapvcavnvai (npm)

Source: amazon-inspector (0d0f4dbc147a4943a198b3d1af431d8d1effeadc359b8bde9a20d2bf19147736). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 7:18 p.m., 2 views

Malicious code in poglymer-ogih-gaghuagoaaga (npm)

Source: amazon-inspector (33982ff18c7e2d839043ee5d9dfcc129987de58f250a6a54ae83eb2888c8e083). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 6:00 p.m., 2 views

Malicious code in chiragsharma (npm)

Source: amazon-inspector (91c72f0fe7f6bdc39dfca2d497be8039639640ca37812e1477badecc5fbdc5fd). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:47 p.m., 2 views

Malicious code in uinsu-loti-nalu (npm)

Source: amazon-inspector (ffb5465227fdf421121f61e3f8234b9197ac9876abd78c3089b7a5ce86b44bbd). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/12 4:47 p.m., 2 views

MAL-2025-166247 Malicious code in sunden-diak-itarukinyukia1 (npm)

Source: amazon-inspector (f6e2ec17baaa8f02e262a4dd450b142cbb38ad4bc1215657101bd8561be48f8e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSV
added 2025/11/12 4:47 p.m., 0 views

MAL-2025-167885 Malicious code in teagood-yakuna28 (npm)

Source: amazon-inspector (5e588f5f9f566a97667a1bf9869f24c063e370454331d1f87ce24956a64c6a23). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 3 views

Malicious code in aether-nebula-sequelize-readable (npm)

Source: amazon-inspector (0094de2b5d9b566517b29185064674e61f7198e886fd9ff5e9bedf51bd2d6f3c). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 views

MAL-2025-141532 Malicious code in deneb-astro-xenon-hugo (npm)

Source: amazon-inspector (c30df2abcf22f557c7023e22a337b453c8f6233b50a59cb850d624a11cabd466). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 2 views

Malicious code in altair-scripts-dagda-sedna (npm)

Source: amazon-inspector (ed3a83b3d29fadebfc93ee31ec22b2fba479781dbec590684f1877f0b2d8f572). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 2 views

Malicious code in scripts-semantic-release-galaxy-apollo (npm)

Source: amazon-inspector (8dc373eff89a8346915f7e86bdbe978bb844ddf27580d6e384ee21fd6bf5e29d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0