
353 matches found

OSSF Malicious Packages
added 2025/01/02 12:14 a.m. · 2 views

Malicious code in safe-apps-react-sdk (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4844f797621f2cd62b20851643278b7d27cfc2ca46fdd1485383cd7818d5c0a8 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/01/02 12:14 a.m. · 1 view

Malicious code in payouts-banking-info (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d795b5a9cc9952f39cd020e529f31f96f837544ae12bdb31f13d66970d9824d4 Any computer that has this package install...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/01/02 12:14 a.m. · 3 views

Malicious code in safe-react-components (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb053fb51230ded6b594cc92293d5377c31b4b9fd8d47e14e46d824d7e672910 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/12/31 11:37 p.m. · 3 views

Malicious code in babel-preset-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c7766597c4e69a6b6b08fb89e552f8cff845299eb1b612ef107e5f3fcb96156 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/12/31 11:37 p.m. · 2 views

Malicious code in valid-package (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccad71901dd807f11aedc2ca2f34c92319f90ccbf3fea758a765c78eb2ff6bdb Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSV
added 2024/12/31 11:37 p.m. · 1 view

MAL-2024-12175 Malicious code in fider (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e33a8112ebd5139a50734b023e3b935048b314e8fd783e73722625dd79241c69 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSV
added 2024/12/31 11:37 p.m. · 2 views

MAL-2024-12177 Malicious code in babel-preset-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c7766597c4e69a6b6b08fb89e552f8cff845299eb1b612ef107e5f3fcb96156 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSV
added 2024/12/31 11:37 p.m. · 3 views

MAL-2024-12176 Malicious code in valid-package (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccad71901dd807f11aedc2ca2f34c92319f90ccbf3fea758a765c78eb2ff6bdb Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/12/29 11:37 p.m. · 2 views

Malicious code in crypto-buddies (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87bd38c4e59327027fe55c21e59d50ddf6e0ecd5c9a488ed53932639fa8927fb Any computer that has this package install...

7 AI score
Exploits 0 · References 1
OSV
added 2024/12/20 2:0 p.m. · 1 view

MAL-2025-8 Malicious code in 4m-clean-shopify-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff1dc78c54862db7c3a030ea6817abc308fbdfe0d28be84a7203e062ab025963 Any computer that has this package install...

7.1 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/12/20 2:0 p.m. · 2 views

Malicious code in 4m-clean-shopify-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff1dc78c54862db7c3a030ea6817abc308fbdfe0d28be84a7203e062ab025963 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-12299 · Mlocate · Mlocate

Name of the Vulnerable Software and Affected Versions: mlocate affected versions not specified Description: The issue allows the RUN UPDATEDB AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. This is due to mlocate's %post script...

8.5 CVSS · 6.7 AI score · 0.00138 EPSS
Exploits 0 · References 13
OSSF Malicious Packages
added 2024/07/29 8:45 p.m. · 2 views

Malicious code in lambda-sns-dynatrace-sdk (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6846e2cf86562a1515400ba129d4fef5beb818c3002079e8bdd09c9e86f00fc5 Any computer that has this package install...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 2 views

Malicious code in route-search (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c63ae8357166fc3afca468347faccce408b6ad59df7d33f958dc0b4f593b598 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0 · References 1
RedHat Linux
added 2024/06/25 12:22 a.m. · 36 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

7.8 CVSS · 7.2 AI score · 0.84554 EPSS
Exploits 15 · References 2
OSV
added 2024/04/08 6:15 a.m. · 1 view

CVE-2024-31022

An issue was discovered in CandyCMS version 1.0.0 that allows remote attackers to execute arbitrary code via the install.php component...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1
CNNVD
added 2024/04/08 12:0 a.m. · 2 views

CandyCMS Security Vulnerability

CandyCMS is a simple PHP CMS open-sourced by Stephen Radford. A security vulnerability exists in CandyCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the install.php component...

9.8 CVSS · 7.8 AI score · 0.01668 EPSS
Exploits 0 · References 2
CNNVD
added 2024/01/15 12:0 a.m. · 3 views

Gentoo Security Vulnerabilities

Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in the Gentoo ebuild for Slurm 22.05.3 and earlier versions, which stems from the fact that pkg_postinst can call chown to assign ownership of files in the root filesystem...

9.8 CVSS · 6.8 AI score · 0.00053 EPSS
Exploits 1 · References 2
OSV
added 2024/01/11 5:15 p.m. · 2 views

CVE-2024-0412

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely...

9.8 CVSS · 4.8 AI score
Exploits 0 · References 3
CNNVD
added 2024/01/11 12:0 a.m. · 8 views

DeShang DSKMS Access Control Error Vulnerability

DeShang DSKMS is a professional content payment system from DeShang, China. An Access Control Error vulnerability exists in DeShang DSKMS prior to version 3.1.2, which stems from the file public/install.php that results in incorrect access control...

9.8 CVSS · 6.7 AI score · 0.00278 EPSS
Exploits 0 · References 4