339 matches found
CVE-2023-54352
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...
EUVD-2023-60583
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...
CVE-2023-54352
The CVE-2023-54352 entry concerns WordPress Seotheme, where unauthenticated attackers can trigger remote code execution by uploading malicious files to the theme directory. The attack enables access to a PHP shell at /wp-content/themes/seotheme/mar.php to run system commands and upload additional...
CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
PT-2026-39659
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-21023
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application...
CVE-2026-28364
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
CVE-2025-15555 Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hssogsdiamcxmarcb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGSKEYLEN results in stack-based buffer overflow. The attack may be...
Mozilla Firefox ESR < 60.2
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-21 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...
Malicious code in nuyar-mar-aiforx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a00cad89bca29ca05edad38de0d804751f827d6d04c6e3b19e98058f9b1691ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139060
Malicious code in nuyar-mar-aifo npm...
EUVD-2025-139057
Malicious code in nuyar-mar-aiforxa npm...
EUVD-2025-139067
Malicious code in nuyar-mar-afa npm...
EUVD-2025-139068
Malicious code in nuyar-mar-af npm...
EUVD-2025-139059
Malicious code in nuyar-mar-aifor npm...
Malicious code in nuyar-mar-afad (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbb265f7dde2b192e246d6023e4c6c8fec9cec781ecc92eb74957039582f95b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuyar-mar-aif (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab6ffa2bcaebe34ba11381ba48619f1c9b452408316f3deaef4893482302d27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139061
Malicious code in nuyar-mar-aif npm...
Malicious code in nuyar-mar-aiforxa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 931a681e4cea9796131cada6e589b59326de1533d373aa1328de6f98d8d99e09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139058
Malicious code in nuyar-mar-aiforx npm...