7661 matches found
Deco Apps Library / MCP Servers Code Issue Vulnerability
Deco Apps Library / MCP Servers is an open-source content management system from deco.cx. A code issue vulnerability exists in Deco Apps Library / MCP Servers version 0.120.1 and earlier, which stems from incorrect manipulation of the parameter url in the file website/loaders/analyticsScript.ts,...
CVE-2025-13796
CVE-2025-13796 affects deco-cx apps up to 0.120.1, specifically the AnalyticsScript function in website/loaders/analyticsScript.ts of the Parameter Handler component. The issue arises from improper handling of the url argument, enabling server-side request forgery (SSRF) and remote exploitation. ...
PT-2025-48399
A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...
WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Analytics Germanized for Google Analytics versions <= 1.6.2...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
@medusajs/medusa (>=2.10.0 <=2.11.4-preview-20251124032825), @medusajs/medusa-oas-cli (>=2.10.0 <=2.11.4-preview-20251124000311) potentially affected by unknown CVE via @medusajs/analytics-posthog (>=2.10.0-preview-20250818120145 <=2.11.4-preview-20251124032825)
@medusajs/analytics-posthog NPM version =2.10.0-preview-20250818120145, =2.10.0, =2.10.0, =2.11.4-preview-20251124000311 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSANALYTICSPOSTHOG-14137959...
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
Polymorphic malware continually alters its structure to evade signature-based defences, challenging both commercial antivirus (AV) and enterprise detection systems. This study introduces a reproducible framework for analysing eight polymorphic behaviours: junk code insertion, control-flow obfuscatio...
Malicious code in @medusajs/analytics-posthog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4bcda5a08e7631f3c8bdbfd1c6a827a23b4a2cadf1ca3ca3a1ae32674df5172 The package @medusajs/analytics-posthog was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191456 Malicious code in @medusajs/analytics-posthog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4bcda5a08e7631f3c8bdbfd1c6a827a23b4a2cadf1ca3ca3a1ae32674df5172 The package @medusajs/analytics-posthog was found to contain malicious code. Source: ghsa-malware...
Malicious code in @everreal/web-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c0514435a2fcfbbc44b6691737ce9fa17b0397b9cbd490173d9dca9fa18adc The package @everreal/web-analytics was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199321
Malicious code in @everreal/web-analytics npm...
MAL-2025-191217 Malicious code in @everreal/web-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c0514435a2fcfbbc44b6691737ce9fa17b0397b9cbd490173d9dca9fa18adc The package @everreal/web-analytics was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199063
Malicious code in next-simple-google-analytics npm...
Malicious code in next-simple-google-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c0df29a06f4738e26d90f0418c197f39ad60e98981f43cff7baaa82a672ced The package next-simple-google-analytics was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190980 Malicious code in next-simple-google-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c0df29a06f4738e26d90f0418c197f39ad60e98981f43cff7baaa82a672ced The package next-simple-google-analytics was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)
undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: SNYK:JS-UNDEFSAFETYPED-14103745...
EUVD-2025-198866
Malicious code in @ensdomains/server-analytics npm...
Malicious code in @ensdomains/server-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94dd4c8b8f01e631a4c2d9a19e272458d58a22a5a20c89b97603a94e2b68c4a3 The package @ensdomains/server-analytics was found to contain malicious code. Source: ghsa-malware...