186 matches found
Malicious Package
Overview oci-console-plugin-registry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Malicious Package
Overview internallibv819 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview json-rules-engine-examples is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @navancorp/ta-travel is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @navancorp/ta-fe-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @exarad/verfuegbarkeitspruefung-vue2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview vite-postcss-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Embedded Malicious Code
Overview cdn-icon-fetcher-help is a Malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a Javascript file from a cdn-static-seven.vercel.app URL, which appears to be an image hosting site. Howeve...
PT-2025-5087 · Unknown · Wm Options Import Export
Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...
Malicious Package
Overview youreallydontwantthispackage2131 is a malicious package. This library contains malicious code and was removed from the package manager PyPi Remediation Avoid using all malicious instances of the youreallydontwantthispackage2131 package...
Malicious Package
Overview braintree.github.io is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between...
PT-2024-12783 · Dell · Dell Esi
Name of the Vulnerable Software and Affected Versions: DELL ESI Enterprise Storage Integrator for SAP LAMA version 10.0 Description: The issue concerns an information disclosure vulnerability in the EHAC component of DELL ESI Enterprise Storage Integrator for SAP LAMA. A remote unauthenticated...
PT-2023-30064 · Fancms · Fancms
Name of the Vulnerable Software and Affected Versions: FanCMS version 1.0.0 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via the content1 parameter in the "demo.php" file. Recommendations: For FanCMS version 1.0.0, avoid using the content1 parameter in th...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
Malicious Package
Overview msfpath is a malicious package. It launches a reverse shell that connects back to a malicious host. Remediation Avoid using all malicious instances of the msfpath package. Credit: Raul Onitza-Klugman from Snyk Research Team...
PT-2022-6233 · Netcomm · Netcomm Nf20Mesh +2
Name of the Vulnerable Software and Affected Versions: Netcomm NF20MESH versions Netcomm NF20 versions Netcomm NL1902 versions Description: A stack-based buffer overflow issue affects the sessionKey parameter, allowing a remote attacker to potentially execute arbitrary code by providing a specifi...
PT-2022-24368 · Tenda · Tenda Ac18 Wifi Router +1
Name of the Vulnerable Software and Affected Versions: Tenda AC15 WiFi Router version V15.03.05.19 multi Tenda AC18 WiFi Router version V15.03.05.19 multi Description: A buffer overflow issue was discovered via the filePath parameter at the "/goform/expandDlnaFile" API endpoint. Recommendations:...
Malicious Package
Overview discordjs-lofy is a malicious package. This package injecting malicious Javascript code into the Discord client. Remediation Avoid using all malicious instances of the discordjs-lofy package...
Malicious Package
Overview active-modelserializerscancancan is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid...