157 matches found
Viral Signup <= 2.1 - SQL Injection
The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
Agentic AI As a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains
Agentic systems built on large language models LLMs extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrust...
Malicious code in n8n-nodes-viral-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b674c80512825238bef8f46f867856034796bf31343fa3c9e20f4b74e9b6da8f The package n8n-nodes-viral-app was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199363
Malicious code in n8n-nodes-viral-app npm...
MAL-2025-64744 Malicious code in organisational_cicada_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9959e38113f772211dd5b3b902d9b51438a731c4e19d047bfc244c5530ebb611 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in udin-lontong47-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ce0856581fc21c748ac7d25d0a6f25cf8f469f3e2fbda9a5e73460492436ce0 The package udin-lontong47-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
EUVD-2014-4455
Malware in sbrugna...
EUVD-2019-5476
Malware in sbrugna...
EUVD-2008-2860
Malware in sbrugna...
WordPress Ultimate Viral Quiz plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Viral Quiz versions = 1.0...
EUVD-2025-17179
Malicious code in bioql PyPI...
EUVD-2025-9182
Malicious code in bioql PyPI...
EUVD-2025-17180
Malicious code in bioql PyPI...
EUVD-2023-38073
Malicious code in bioql PyPI...
EUVD-2023-32608
Malicious code in bioql PyPI...
CVE-2025-10302 Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update
The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesaveoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-10302
CVE-2025-10302 affects the WordPress plugin Ultimate Viral Quiz (versions ≤ 1.0). The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation in the save_options() function, allowing unauthenticated attackers to update plugin settings if a site administrator is tri...
WordPress plugin The Ultimate Viral Quiz 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an applicatio...
PT-2025-40470
Name of the Vulnerable Software and Affected Versions The Ultimate Viral Quiz plugin for WordPress versions prior to 1.0 Description The Ultimate Viral Quiz plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the save options function. This...
CVE-2025-28994
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through = 3.8.1...