851 matches found
MAL-2025-73965 Malicious code in kurnia-moci48-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d0e41efb2fac829e71d39a65a8aecbe8084ae77f7c18bd75398c667ca6b186 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
WordPress The Events Calendar plugin <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability
Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions <= 6.15.9...
GHSA-CRVM-XJHM-9H29 OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528.yaml Flowise is a drag & drop user interface to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988622 advisory. Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler...
CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
GHSA-W476-P2H3-79G9 uv has differential in tar extraction with PAX headers
Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...
WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.1...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2025-33585
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...
EUVD-2021-16078
Malware in sbrugna...
EUVD-2021-2093
Malware in sbrugna...
EUVD-2021-1058
Malware in sbrugna...
EUVD-2021-2423
Malware in sbrugna...
EUVD-2020-0474
Malware in sbrugna...
EUVD-2021-24182
Malware in sbrugna...
EUVD-2021-10071
Malware in sbrugna...
EUVD-2021-1962
Malware in sbrugna...
EUVD-2020-18855
Malware in sbrugna...
EUVD-2021-0326
Malware in sbrugna...