28731 matches found
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
MAL-2025-6895 Malicious code in commonweb-setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c019e3086bf1cec9b859c8fe048187fc7cf6dc866de93fbd0ff2182b3e4fc0a The OpenSSF Package Analysis project identified 'commonweb-setup' @ 10.11.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6947 Malicious code in personalizationtrkserv (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4e171fa4d76ea31b32b21ec8efae81c75a65d7adcc42a621c06cfd5406110131 The OpenSSF Package Analysis project identified...
Malicious code in project-bounty (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6949 Malicious code in project-bounty (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6950 Malicious code in project-luck (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in project-luck (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in vite-plugin-netx-project (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6967 Malicious code in vite-plugin-netx-project (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-55203
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The...
CVE-2025-55203 Plane Stored XSS in Add Work Item Functionality
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The...
CVE-2025-55203
Plane is an open‑source project management tool. A stored XSS vulnerability exists in the description_html field prior to version 0.28.0, where unsanitized/uncleaned input allows attacker‑provided JavaScript to be saved in the database and executed in other users’ browsers. Impacts include potent...
CVE-2025-9012 PHPGurukul Online Shopping Portal Project bill-ship-addresses.php sql injection
A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
MAL-2025-6879 Malicious code in @yaqiguo/dnstest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d10a6c69fefe74572e208680a6e74fa93be7f549ac4f033a0dbbfc6ddb656b43 The OpenSSF Package Analysis project identified '@yaqiguo/dnstest' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
PHPGurukul Online Shopping Portal Project injection vulnerability
Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter billingpincode in the file...
PT-2025-34582 · Git · Libwebp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438294044 Crash type: Null-dereference READ Crash state: enc [email protected]...
Malicious code in cliff-yak-pes843-project (npm)
The package cliff-yak-pes843-project was found to contain malicious code...
Malicious code in horizon-fern-syz975-project (npm)
The package horizon-fern-syz975-project was found to contain malicious code...
Malicious code in lilypad-jungle-smt429-project (npm)
The package lilypad-jungle-smt429-project was found to contain malicious code...