CVE-2019-25428 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

PT-2026-20831

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

MAL-2025-49099 Malicious code in @raux/ra-react-big-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

Malicious code in @raux/ra-react-big-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-49100 Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-49098 Malicious code in @dealmgmt/grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3f1e7bb02af2f24d6a057db349128269908eb7e771722c7cf8aa637d3974058a This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-48970 Malicious code in @msdyn365-commerce-marketplace/address-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528dbe993a884d4b4a7005f6f60fb635ad06a01ee31e8cf08c6435b8cfc1277b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49028 Malicious code in only-warn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf31c0df9e000c5a762fa04ecbaf0f9dd09103bcf544ca0aaebd43193b096a5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2018-11434

Malware in sbrugna...

Malicious code in @js-to-lua/lua-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ddfe717b22bb57e4e1887887c45646abfa625e1d566049a635b86193170cdf9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @i22/rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47748ea5218b5ee35bfc50b911a7a41d04d1e19a74832b73679c1c376133dc79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @js-to-lua/fast-follow-commands (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df9453e1ee97636a2ab1a62d9eed556436a2d9c1cd5a551571468cbe3d4e4d93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @dtpk-cc/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b1e4b6fe7f3d42a2752aea1642dd9191f6afeb4dcca96ef97a65b5af5cb192 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @foryjs/fory (npm)

The package @foryjs/fory was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 37cc85bd94dccf1460d716d3a603bad10397060a4aa5398b42882110d01cb85b This package installs a dependency hosted on a custom domain that runs an in...

Malicious code in @foryjs/hps (npm)

The package @foryjs/hps was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0194b673bd924b4e8e007349e2af575df749db95449277785f569eb01e5b2005 This package installs a dependency hosted on a custom domain that runs an inf...

MAL-2025-14189 Malicious code in airbnb-flow (npm)

The package airbnb-flow was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security cf721a7ab34d44cd6e6bd7fa345aa5926234cdaa069ab71e315ee5780227c2b2 This package installs a dependency hosted on a custom domain that runs an inf...

MAL-2025-19830 Malicious code in eslint-config-googlejs-es6 (npm)

The package eslint-config-googlejs-es6 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8940b7796dc2789fa52ad6b2bff9f902eabc3c074e0146ffa0bf81789cc1d365 This package installs a dependency hosted on a custom domain...

MAL-2025-14184 Malicious code in airbnb-angular (npm)

The package airbnb-angular was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 7fff1f5000c3707b881be6257856ad35d4e8c37a27f0219b0e380ee46fcae5ea This package installs a dependency hosted on a custom domain that runs an...

MAL-2025-14192 Malicious code in airbnb-hooks (npm)

The package airbnb-hooks was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 33c430dfd90c926bae8206a1ac92dcb5b15de7ef7b729c5bc8f88452c6793b44 This package installs a dependency hosted on a custom domain that runs an in...