EUVD-2025-80625

Malicious code in selectroundworm0xrequest npm...

MAL-2025-81275 Malicious code in select_shrew_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80df1cb4f21a03aa6d36413009ae75d8c86539a593b9b822bee2ae92f66f2ba7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-52143

Malicious code in select-blush-mouse npm...

EUVD-2025-52142

Malicious code in select-emerald-python npm...

EUVD-2025-52141

Malicious code in select-lavender-kiwi npm...

MAL-2025-70506 Malicious code in select-blush-mouse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b671135ecbebe6e7cf26a80b8cbb062accab3fed19f57ca57c0584bf36871539 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in select-blush-mouse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b671135ecbebe6e7cf26a80b8cbb062accab3fed19f57ca57c0584bf36871539 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-70507 Malicious code in select-emerald-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f3d611d388443b093a0de8bb945cdc0478a3907b902cf5bfffea3be36d7c593 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in select-lavender-kiwi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ae591d8b12718b5c1b31022d64f8259285cee722fc11710e99468418e93b24f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-61247 Malicious code in select_beaver_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 460f84d4d25d427e5df768d6c6265b8f6f03169fb10dd6fad8abdf69ca296ef9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Fedora 42 : bpfman (2025-0753bddd6c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0753bddd6c advisory. This update fixes CVE-2025-0977 RUSTSEC-2025-0004, a use-after-free vulnerability in the Rust openssl crate's ssl::selectnextproto function. The openssl crat...

CVE-2025-39463

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through 1.9...

EUVD-2025-38030

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through 1.9...

PT-2025-45191

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through 1.9...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989262 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...

CVE-2025-10487

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the selectone function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be calle...

CVE-2025-10487

The CVE-2025-10487 vulnerability affects the WordPress plugin Advanced Ads – Ad Manager & AdSense. Public details confirm an unauthenticated remote code execution flaw in versions up to 2.0.12 via the select_one() AJAX endpoint, caused by insufficient access restrictions and allowing function cal...

CVE-2025-10487 Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the selectone function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be calle...

Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

GHSA-Q285-WFPG-93HR Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...