MAL-2025-97115 Malicious code in underlying_turtle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a9ea09378b252778c1b45f16d64342a064b81a760754563165f2100ab8a650 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2019-4639

Malware in sbrugna...

CVE-2024-32685 WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5...

WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability

Review Score Manipulation vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin Wp Ultimate Review versions = 2.2.5...

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Lines of code Vulnerability details Note All functions/properties referred to are in the Prime.sol contract. Impact A malicious user can accrue outsized rewards at the expense of other users after updateAlpha or updateMultipliers is called. Proof of Concept An attacker can prevent their score fro...

SUSE CVE-2007-3304

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...

CVE-2022-45842 WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability

Unauth. Race Condition vulnerability in WP ULike Plugin = 4.6.4 on WordPress allows attackers to increase/decrease rating scores...

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

CVE-2005-3594

CVE-2005-3594 concerns the web app component game_score.php in the content management system e107 . The vulnerability allows remote attackers to insert high scores by sending HTTP POST data that supplies the variables $player_name , $player_score , and $game_name . The available sources describe ...