EUVD-2024-54368

Malicious code in bioql PyPI...

Malicious Package

Overview @dropbox-photo-viewer/electron-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in @dropbox-photo-viewer/electron-app (npm)

The package @dropbox-photo-viewer/electron-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0e60f8bd38264b681d07237c310d98471fc7bfc1b9ab2bfabf4258bf01a9ea9 Any computer that has this package installed or running should be...

MAL-2025-47523 Malicious code in @dropbox-photo-viewer/electron-app (npm)

The package @dropbox-photo-viewer/electron-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0e60f8bd38264b681d07237c310d98471fc7bfc1b9ab2bfabf4258bf01a9ea9 Any computer that has this package installed or running should be...

Linux Distros Unpatched Vulnerability : CVE-2018-12108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service SIGFPE a...

Linux Distros Unpatched Vulnerability : CVE-2022-26181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligneddealloc:src/lepton/bitops.cc:108. CVE-2022-26181 Note...

Linux Distros Unpatched Vulnerability : CVE-2025-3641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers an...

Linux Distros Unpatched Vulnerability : CVE-2024-58036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic...

Fake Copyright Notices Drop New Noodlophile Stealer Variant

Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links and…...

Malicious code in dropbox-api-v2-explorer (npm)

The package dropbox-api-v2-explorer was found to contain malicious code...

MAL-2025-18832 Malicious code in dropbox-api-v2-explorer (npm)

The package dropbox-api-v2-explorer was found to contain malicious code...

PT-2025-26705 · Dropbox · Dropbox

Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns file decryption in Dropbox. No further details are provided about the nature of the issue or its potential impact. Recommendations: At the moment, there is no information...

perl-Net-Dropbox-API-1.900.0-2.1 on GA media (moderate)

perl-Net-Dropbox-API-1.900.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:15187-1 Rating: moderate Cross-References: CVE-2024-58036 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2025:15187-1 perl-Net-Dropbox-API-1.900.0-2.1 on GA media

These are all security issues fixed in the perl-Net-Dropbox-API-1.900.0-2.1 package on the GA media of openSUSE Tumbleweed...

PT-2025-23060 · Dropbox · Dropbox

Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns an unvalidated redirect in Dropbox. No further details are provided about the nature of the issue, affected devices, or real-world incidents. Recommendations: At the...

CVE-2024-52270

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...

CVE-2023-4488

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...

CVE-2023-3025

The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVE-2022-4768

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function addpublickey of the file grouper/publickey.py of the component SSH Public Key Handler. The manipulation of the argument publickeystr leads to injection. It is possible to launch the attack...

CVE-2022-26181

Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligneddealloc:src/lepton/bitops.cc:108...