3249 matches found
MAL-2025-75401 Malicious code in sari-nasisayur32-breki (npm)
Source: amazon-inspector (665d01354f9146a565cbd07248c9024234866674b7053d622c30204395f66cf4). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-66287 Malicious code in yanti-lupis62-sluey (npm)
Source: amazon-inspector (f48f5bc630fd03fb157b413fff4793fe7c88063972dae6ca4aaa717aa89caa3d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in successive_weasel_z3n (npm)
Source: amazon-inspector (61bcd721fd295c6bb67a3d7e0c22b7d2694e3e4f4a64474c6b1a45bc307dfc2c). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54520 Malicious code in qori-sambel42-ruro (npm)
Source: amazon-inspector (f479aae0072b93acc36f085fab906b40a1ca4bd5fddfd104f0e90dd00f4a8731). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jaja-keripik62-sukiwir (npm)
Source: amazon-inspector (a4dd5cd9ae25b80fe7270907d51f42babf1aa6a2be8621ad8368d290eca8cddb). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-51240 Malicious code in candra-sasag4-miaww (npm)
Source: amazon-inspector (640cf7b6dc72d186b23d59820716be614302f7dd4d1a2942c9113f96fe234638). The package candra-sasag4-miaww was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...
EUVD-2025-38343
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxneofixsdledit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...
CVE-2025-12415
The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...
CVE-2025-12402
The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...
PT-2025-44958
The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...
PT-2025-44792
Name of the Vulnerable Software and Affected Versions: Grav CMS version 1.7.49.5. Description: Grav CMS version 1.7.49.5 is susceptible to Cross-Site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. Recommendations: At the moment, there is no...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...
CVE-2025-11992
The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...
Cross-site Scripting (XSS)
org.apache.geode, geode-web-api is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the web API REST interface, which allows an attacker to inject malicious scripts and execute arbitrary code on the returned page, potentially leading to...
Magento vulnerable to stored Cross-Site Scripting (XSS)
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
PT-2025-42198
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.4 through 2.4.9-alpha2. Description: A stored Cross-Site Scripting (XSS) issue exists in Adobe Commerce that could allow a high-privileged attacker to inject malicious scripts into vulnerable form fields. Successful...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via SVG files in diagram type products. An attacker can execute arbitrary web scripts or HTML in the context of a user's browser by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is ...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name text field in the Terms and Conditions. An attacker can execute arbitrary web scripts or HTML in the context of another user by injecting crafted payloads. Details: Cross-site scripting or XSS is a...
EUVD-2021-12806
Malware in sbrugna...