1270 matches found
Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199087
Malicious code in docusaurus-plugin-vanilla-extract npm...
MAL-2025-190956 Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
Cinnamon kotaemon 安全漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which stems from a failure of the mayextractzip function to check the contents of a ZIP file, which could lead to resource exhaustion...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the extractPackageTarball function. An attacker can write arbitrary files to unintended locations on the server by supplying a malicious tarball with crafted file paths and leveraging the X-Npmrc header to specify...
CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract on attacker-controlled shortcode attributes within the evaluateshortcodefromflatfile method, which can be used to overwrite the...
WordPress Code Snippets plugin <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability
Authenticated Contributor+ PHP Code Injection via extract and PHP Filter Chains vulnerability discovered by mikemyers in WordPress Plugin Code Snippets versions = 3.9.1...
EUVD-2025-197914
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
PT-2025-47240
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
HSEC-2023-0014 Arbitrary file write is possible when using PDF output or --extract-media with untrusted input
Arbitrary file write is possible when using PDF output or --extract-media with untrusted input Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option ...
EUVD-2025-176450
Malicious code in seismology-jabbah-exosphere-mini-css-extract-plugin npm...
EUVD-2025-177834
Malicious code in mini-css-extract-plugin-nova-titan-duplex npm...
Malicious code in apex-electron-protractor-mini-css-extract-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779cc6c8c43d7168deaf2cb7d9acad1a4f866432756bf35644ea6160de97ecfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cors-relay-mini-css-extract-plugin-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b5d4138a7e858f7a94edc8c60c8746ad366a44ba1f9fafa3a7461ac2cca612 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hydrogeology-chariklo-pulsar-mini-css-extract-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d514e86e9a193b5e01631ae67c92d3d0e92c33b1e9cb062f76dee9edaf4a7576 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175468
Malicious code in xo-mini-css-extract-plugin-vega-koa npm...
EUVD-2025-176265
Malicious code in spectron-mini-css-extract-plugin-enif-commitizen npm...
EUVD-2025-175648
Malicious code in wasat-betelgeuse-mini-css-extract-plugin-cosmos npm...