108 matches found
MAL-2026-5459 Malicious code in @dktunited/anly-tracker-v2 (npm)
Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6. scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...
MAL-2026-5443 Malicious code in exodus-wallet-core (npm)
Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14. Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...
MAL-2026-5445 Malicious code in grateful-payments (npm)
Source: amazon-inspector 1a7a07a0a09ed8037058353b9b9b067e25e3cbe783eaab8d54276d490f823471. On npm install, the package's postinstall script src/canary.js performs a DNS lookup and HTTPS GET to the hardcoded host...
Malicious code in exodus-solana-sdk (npm)
Source: amazon-inspector ecffe98bff5e1c4655631cf8f92b1b1ccb534e0eeaa7043fab0d5fa1fbfabc35. Package name impersonates the Exodus cryptocurrency wallet brand (exodus-solana-sdk). package.json declares a postinstall hook (node src/canary.js) that...
Malicious code in exodus-ethereum-sdk (npm)
Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a. Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality: src/index.js exports an empty object; package.json...
Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)
According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...
Improper Certificate Validation
Overview: jxm is an incredibly fast messaging backend. Affected versions of this package are vulnerable to Improper Certificate Validation in the HTTPS request due to the use of 'rejectUnauthorized': false when 'jxobj.IsSecure' is true. An attacker can intercept or manipulate encrypted traffic by...
EUVD-2014-4602
Malware in sbrugna...
EUVD-2009-1167
Malware in sbrugna...
EUVD-2021-21412
Malware in sbrugna...
EUVD-2021-21354
Malware in sbrugna...
EUVD-2007-5545
Malware in sbrugna...
EUVD-2000-0734
Malware in sbrugna...
EUVD-2013-1263
Malware in sbrugna...
EUVD-2009-1166
Malware in sbrugna...
EUVD-2014-8777
Malware in sbrugna...
EUVD-2025-17645
Malicious code in bioql PyPI...
EUVD-2025-17633
Malicious code in bioql PyPI...
EUVD-2021-6912
Malicious code in bioql PyPI...
EUVD-2024-18213
Malicious code in bioql PyPI...