Lucene search

24 matches found

OSSF Malicious Packages
added 2026/05/25 6:11 p.m.

Malicious code in koishi-plugin-yuan (npm)

Per-source details. Source: amazon-inspector (ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533). koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

AI score 5.8
Exploits: 0 · References: 1
CVE
added 2026/05/22 5:21 p.m.

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

CVSS 5.4 · AI score 5.8 · EPSS 0.00049
Exploits: 0 · References: 3
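The TypeBot entry above comes down to one check: whether an author-supplied link URL may reach an href attribute at all. Below is an added example, not TypeBot's code, of a scheme allowlist that normalises the URL the way a browser does before deciding. HOST_PAGE, the function names and the sample links are assumptions for illustration. It also covers the case-variant and control-character forms that a naive javascript: prefix check misses, which the entry does not spell out.

```javascript
// Added example (not TypeBot's code): allowlist the scheme of an author-supplied
// link before it is rendered as <a href>. A literal "javascript:" prefix check is
// not enough: browsers lowercase the scheme, strip leading/trailing spaces and C0
// controls, and delete tabs and newlines anywhere in the input, so "JavaScript:",
// " javascript:" and "java\tscript:" all execute. The WHATWG URL parser applies
// the same normalisation, so parse first and compare the resulting protocol.

const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:", "tel:"]);

// Assumed host-page URL so relative links resolve; not a real site.
const HOST_PAGE = "https://example.invalid/bot/";

// Returns an absolute href that is safe to render, or null to drop the link.
function safeHref(raw, base = HOST_PAGE) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    url = new URL(raw, base); // normalises case, whitespace, tab/newline
  } catch {
    return null; // unparsable input is dropped, not guessed at
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Minimal HTML encoder for text and double-quoted attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// The vulnerable shape the advisory describes: the author's string goes
// straight into the attribute.
function renderLinkUnsafe(text, href) {
  return `<a href="${href}">${text}</a>`;
}

// Hardened: scheme allowlist plus encoding. A rejected link degrades to plain
// text so the rest of the bubble still renders.
function renderLink(text, href) {
  const safe = safeHref(href);
  if (safe === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safe)}" target="_blank" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed author inputs for a stand-alone run; the advisory's real payload
// is not shown here.
const SAMPLE_LINKS = [
  "https://example.com/docs",
  "/help",
  "JavaScript:alert(1)",
  "\tjavascript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];
for (const link of SAMPLE_LINKS) {
  console.log(JSON.stringify(link), "->", renderLink("open", link));
}
```

The allowlist stops script execution but not navigation: a protocol-relative `//evil.example/x` resolves to https: and is accepted, so add a host allowlist if the product must also prevent off-site links.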
CVE
added 2026/04/07 5:32 p.m.

CVE-2026-39328

ChurchCRM before 7.1.0 has a stored XSS in the person profile editing feature. Non-admin users with EditSelf can inject JavaScript into Facebook, LinkedIn, and X profile fields; due to a 50-character limit, payloads span all three fields and chain onfocus handlers to execute when a profile is vie...

CVSS 8.9 · AI score 5.9 · EPSS 0.00047
Exploits: 0 · References: 1 · Affected Software: 1
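The ChurchCRM entry above is the textbook case of a length limit mistaken for a security control. The following is an added example, not ChurchCRM code: three capped fields rendered once unsafely and once with attribute encoding, with constructed fragments that each fit the 50-character limit yet chain onfocus handlers in the unsafe output. The element ids, field names and fragments are assumptions; the advisory's actual payload is not shown. The same attribute breakout (`"onfocus="…"autofocus="`) appears in the reflected-XSS reports further down this list.

```javascript
// Added example, not ChurchCRM code. Three profile fields are each capped at
// 50 characters and then rendered into a profile page. The cap is an input
// constraint, not an XSS control: each fragment fits under it, and the
// concatenated markup closes value="..." and attaches onfocus handlers that
// pass control from one input to the next. Encoding each value for the
// attribute context is the fix.

const FIELD_LIMIT = 50;

// Encoder for double-quoted attribute values (also safe for text nodes).
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Mirrors a per-field length check: true when every field is within the cap.
function withinLimit(profile) {
  return Object.values(profile).every((v) => String(v).length <= FIELD_LIMIT);
}

// Vulnerable rendering: values concatenated straight into attributes.
// The ids are assumed; the chained payload below relies on them.
function renderProfileUnsafe(p) {
  return `<input id="fb" value="${p.facebook}">` +
         `<input id="li" value="${p.linkedin}">` +
         `<input id="x" value="${p.x}">`;
}

// Hardened rendering: same template, every value passes through escapeAttr.
function renderProfile(p) {
  return `<input id="fb" value="${escapeAttr(p.facebook)}">` +
         `<input id="li" value="${escapeAttr(p.linkedin)}">` +
         `<input id="x" value="${escapeAttr(p.x)}">`;
}

// Constructed fragments (44, 33 and 19 characters). Each ends inside an
// onfocus attribute that the template's own closing quote completes.
// fb: autofocus fires first, starts a string and focuses li; li appends and
// focuses x; x uses the assembled string. Element ids resolve as window
// globals in browsers, which keeps the fragments short. The last step only
// alerts the assembled text so the demonstration stays inert; the advisory's
// payload executes it instead.
const CHAINED_PROFILE = {
  facebook: `" autofocus onfocus="p='document';li.focus()`,
  linkedin: `" onfocus="p+='.cookie';x.focus()`,
  x: `" onfocus="alert(p)`,
};

// Crude detector for a live inline handler in rendered HTML: an on* attribute
// whose value is opened by a real quote character. In the escaped output the
// quotes are &quot; entities and do not match.
const INLINE_HANDLER = /\son[a-z]+\s*=\s*["']/i;

function hasInlineHandler(html) {
  return INLINE_HANDLER.test(html);
}

console.log("fragments within limit:", withinLimit(CHAINED_PROFILE));
console.log("unsafe render has handler:", hasInlineHandler(renderProfileUnsafe(CHAINED_PROFILE)));
console.log("encoded render has handler:", hasInlineHandler(renderProfile(CHAINED_PROFILE)));
```

The detector is for the demonstration only; the control is the encoder applied at every output point, not a pattern match on the result.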
CVE
added 2026/03/06 3:30 a.m.

CVE-2025-59542

Chamilo LMS prior to version 1.11.34 is affected by a stored XSS vulnerability in the course learning path Settings field. A low-privileged user (e.g., trainer) can inject JavaScript that executes in other users’ contexts (including admins), enabling exfiltration of session cookies or tokens and ...

CVSS 9 · AI score 6 · EPSS 0.00021
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2026/03/05 10:16 p.m.

CVE-2026-28468

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

CVSS 7.7 · AI score 5.9
Exploits: 0 · References: 5
NVD
added 2026/03/05 10:16 p.m.

CVE-2026-28468

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

CVSS 8.5 · EPSS 0.00028
Exploits: 0 · References: 5
Cvelist
added 2026/03/05 9:59 p.m.

CVE-2026-28468 OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

CVSS 8.5 · EPSS 0.00028
Exploits: 0 · References: 5
ATTACKERKB
added 2026/03/05 9:59 p.m.

CVE-2026-28468

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

CVSS 8.5 · AI score 6 · EPSS 0.00028
Exploits: 0 · References: 6
Positive Technologies
added 2026/02/20 12:00 a.m.

PT-2026-21020

Name of the Vulnerable Software and Affected Versions: Sync-in Server versions prior to 1.9.3. Description: A Stored Cross-Site Scripting (XSS) issue exists in Sync-in Server. An authenticated attacker can execute arbitrary JavaScript in a victim’s browser. This is achieved by uploading a crafted SVG...

CVSS 5.1 · AI score 5.6 · EPSS 0.00051
Exploits: 1 · References: 9
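The Sync-in entry above (stored XSS via a crafted SVG upload) points at how uploaded files are served back. As an added example, not Sync-in Server code, here is a Node.js helper that builds the response headers for a download endpoint: the weak inline form beside a hardened one that forces a download, disables content sniffing and sandboxes the document via CSP. Filenames and declared content types are assumed to be attacker-controlled; the function names are illustrative.

```javascript
// Added example, not Sync-in Server code. Response headers for an endpoint
// that returns user-uploaded files. SVG is XML: it can carry <script> and on*
// handlers, and if a browser opens it as a top-level document on the
// application's origin that script runs with the application's cookies. The
// hardened response forces a download and, as defence in depth, applies a CSP
// that forbids script and sandboxes the document if it is rendered anyway.

// The weak shape: content type taken from the upload, rendered inline.
function headersInlineUnsafe(declaredType) {
  return { "Content-Type": declaredType };
}

// Keep a conservative character set; drop path components, leading dots and
// anything that could break or terminate the header value (CR, LF, quotes).
function safeFilename(name) {
  const base = String(name).split(/[\\/]/).pop() || "";
  const cleaned = base.replace(/[^\w.\-]/g, "_").replace(/^\.+/, "").slice(0, 100);
  return cleaned.length ? cleaned : "download";
}

// Accept only a plain type/subtype token; anything else (parameters, junk)
// falls back to octet-stream so the browser does not guess.
function normaliseType(declaredType) {
  return typeof declaredType === "string" && /^[\w.+-]+\/[\w.+-]+$/.test(declaredType)
    ? declaredType.toLowerCase()
    : "application/octet-stream";
}

// Hardened headers for any user-supplied file, SVG included.
function headersForUserUpload(name, declaredType) {
  return {
    "Content-Type": normaliseType(declaredType),
    "Content-Disposition": `attachment; filename="${safeFilename(name)}"`,
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; sandbox",
  };
}

// Constructed upload metadata for a stand-alone run.
console.log(headersInlineUnsafe("image/svg+xml"));
console.log(headersForUserUpload('../avatar".svg', "image/svg+xml"));
```

An SVG referenced from `<img src>` does not run its script; the exposure is direct navigation to the file URL on the application's origin, which the attachment disposition removes. Serving uploads from a separate origin is the complementary control when inline display is a product requirement.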
Positive Technologies
added 2026/02/18 12:00 a.m.

PT-2026-23543

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.29-beta.1 through 2026.2.13. Description: The software contains a flaw in the sandbox browser bridge server that does not require gateway authentication, potentially allowing local attackers to access browser control...

CVSS 8.5 · AI score 5.8 · EPSS 0.00028
Exploits: 0 · References: 11
OSV
added 2025/09/16 3:15 p.m.

CVE-2025-57145

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00038
Exploits: 0 · References: 3
Cvelist
added 2025/08/19 4:32 p.m.

CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes...

CVSS 8.7 · EPSS 0.0003
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/19 12:00 a.m.

PT-2025-33750 · N8N · N8N

Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1. Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...

CVSS 8.7 · AI score 5.9 · EPSS 0.0003
Exploits: 0 · References: 11
RedhatCVE
added 2025/05/23 3:15 a.m.

CVE-2023-22722

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the...

CVSS 6.8 · AI score 6.8 · EPSS 0.00276
Exploits: 0 · References: 1
PyPA
added 2025/02/26 8:59 p.m.

Exfiltrates cookies to hardcoded IP address

Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score 6.7
Exploits: 0 · References: 2 · Affected Software: 1
PyPA
added 2025/02/26 8:57 p.m.

Exfiltrates user cookies to hardcoded server endpoint during normal operations

Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score 6.7
Exploits: 0 · References: 2 · Affected Software: 1
OSSF Malicious Packages
added 2024/08/19 9:59 a.m.

Malicious code in assisting-threading (PyPI)

Per-source details. Source: kam193 (33605e5f943eacd5d5ab7a4c37625226e2ef072f2fd3dac068b169d58ba1c2c9). Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...

AI score 7.2
Exploits: 0 · References: 1
OSV
added 2024/08/19 9:59 a.m.

MAL-2024-12208 Malicious code in assistant-threader (PyPI)

Per-source details. Source: kam193 (6dba125172b57e6b24bcd2cc0df076483e1fe36d1969f37e533d611fb6f9d808). Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...

AI score 7.1
Exploits: 0 · References: 1
Hacker One
added 2022/01/21 4:38 p.m.

U.S. Dept Of Defense: Reflected XSS at https://█████ via "██████████" parameter

There is a Reflected Cross-site scripting issue at the following URL: https://█████ Proof of Concept: https://████████?█████=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&█████████████████████=Search ████ Best Regards, @pelegn. Impact: Cookies Exfiltration, SOAP Bypass, CORS Bypass, Executing...

AI score 1.1
Exploits: 0
Hacker One
added 2022/01/21 3:40 p.m.

U.S. Dept Of Defense: Reflected XSS at https://██████████/████████ via "███████" parameter

There is a Reflected Cross-site scripting issue at the following URL: https://████████/█████ Proof of Concept: https://████/███?███=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&submit=Search ███ Best Regards, @pelegn. Impact: Cookies Exfiltration, SOAP Bypass, CORS Bypass, Executing javascript o...

AI score 1.1
Exploits: 0