352 matches found
EUVD-2005-0885
Malware in sbrugna...
EUVD-2005-1395
Malware in sbrugna...
EUVD-2014-0124
Malware in sbrugna...
EUVD-2022-2795
Malicious code in bioql PyPI...
Malicious code in napi-postinstall (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
Malicious code in got-fetch (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
Malicious code in eslint-plugin-prettier (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
Malicious code in synckit (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
CVE-2025-7099
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument dbhost leads to deserialization. The attack...
Malicious code in @evg-ui/lib (npm)
Malicious package. Executes hidden script during install to exfiltrate local IP, hostname, and homedir to an OAST server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee183b500af41035df15810e8e96ba76cf5a758c7d6d647678a1c3930ded627e Any computer that has this...
CVE-2023-24114
typecho 1.1/17.10.30 was discovered to contain a remote code execution RCE vulnerability via install.php...
Malicious code in concurrent-hashmap (npm)
This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...
Malicious code in slf4j-api-js (npm)
This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3bf0cf1724507eaf1d28ec976793772cc682047cc52a74438224fb96d61884b Any computer that has this package installed or runni...
WBCE-v1.6.3-Authenticated-RCE
WBCE CMS printerror$MESSAGE'GENERICINVALIDADDONFILE';...
Malicious code in @supera/share (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c348a3e52ca7aa30cd6b9bd7234d6385f1305e8c0f04c400ff236df303f06628 Any computer that has this package install...
Malicious code in @supera/asjnakwndlja (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe6ab5a3ff2b2c90cfb7b31837f77cab7b08963f47908e8f5f34e9280b20fe2e Any computer that has this package install...
Malicious code in supera (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...
Malicious code in @supera/aaaaaaaaaaa (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d347fb8b1e6f331c8dc5ba623c0b5f80932085711d95fd7e3f209c5180b5f79e Any computer that has this package install...
Malicious code in @isimplelab/ng2-charts (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=-...
Malicious code in sample-notes-application (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...