381 matches found
Malicious code in @oku-ui/toggle (npm)
Source: amazon-inspector a0d0819bf4913c5aabf31547b239ee5407c6e581d71ef7d041451c7f162314c1 The package @oku-ui/toggle was found to contain malicious code. Source: google-open-source-security...
@oku-ui/primitives (>=0.4.0 <=0.6.1), @oku-ui/toolbar (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/toggle-group (=0.6.1)
@oku-ui/toggle-group NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/toggle-group and may be impacted: - @oku-ui/primitives =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191279...
MAL-2025-191278 Malicious code in @oku-ui/toggle (npm)
Source: amazon-inspector a0d0819bf4913c5aabf31547b239ee5407c6e581d71ef7d041451c7f162314c1 The package @oku-ui/toggle was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199461
Malicious code in @oku-ui/toggle npm...
@oku-ui/primitives (>=0.0.1 <=0.6.1), @oku-ui/toggle-group (>=0.4.0 <=0.6.1) +1 more potentially affected by unknown CVE via @oku-ui/toggle (=0.6.1)
@oku-ui/toggle NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/toggle and may be impacted: - @oku-ui/primitives =0.0.1, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191278...
@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +5 more potentially affected by unknown CVE via @oku-ui/roving-focus (=0.6.1)
@oku-ui/roving-focus NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/roving-focus and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisor...
@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +8 more potentially affected by unknown CVE via @oku-ui/direction (=0.6.1)
@oku-ui/direction NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/direction and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.0.1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown...
MAL-2025-191279 Malicious code in @oku-ui/toggle-group (npm)
Source: amazon-inspector bb7f999444c4458fefe9d248fe0eaf410814ecbb5343107fe992033a61d184f3 The package @oku-ui/toggle-group was found to contain malicious code. Source: google-open-source-security...
PT-2025-47999
The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...
Prototype Pollution
toggle-array is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the enable and disable functions, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of service (DoS) or...
EUVD-2025-37412
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-12367
CVE-2025-12367 affects the WordPress SiteSEO – SEO Simplified plugin (versions up to and including 1.3.1). The vulnerability is Missing Authorization: authenticated attackers with Author-level access or higher can enable or disable arbitrary SiteSEO features due to insufficient permission checks....
SUSE-SU-2025:3716-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-986195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986195 advisory. desktop-toggle5.13.84-1x8664 3 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not tested...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-986194)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986194 advisory. desktop-toggle5.13.84-1x8664 1 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not tested...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-986196)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986196 advisory. desktop-toggle5.13.84-1aarch64 1 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not test...
EUVD-2019-5927
Malware in sbrugna...
EUVD-2016-6125
Malware in sbrugna...