213 matches found
CVE-2026-43942
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...
Malicious code in webmd-cookie (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cea3e633de27fc446b20af035d103f0637ac73c9c5be185697d6c00e2329656 The package webmd-cookie was found to contain malicious code. Source: ghsa-malware 7c4d61d057a9a7c2e3ba6c1c54a58091ac030eff25b877dc80a22e0a804db962 A...
MAL-2025-191240 Malicious code in @kvytech/medusa-plugin-promotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2a466e1f572169367ae23de09311bd07d68a2fb1a6b31c6e3347a8f7305f2e5 The package @kvytech/medusa-plugin-promotion was found to contain malicious code. Source: ghsa-malware...
Malicious code in @testcarrot/supply7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b3fc279837edb0be645020c30f0d706a43f965e28e6efef716e2283301fe06e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in reproduction-hardhat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ff49260182fa6026d9c786cbe4327341440dc9cea5e33c43d1687ed1effe699 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11125 Malicious code in wx-pocdev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14db1a8cc86e2cb9a45dc7eb659c498497224b3646918bfbfcf27f6bb34bd39a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11057 Malicious code in node-pyt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4b2431b7afc4767a29701cf852758e5395e59146150977199f8b037405c6efa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11004 Malicious code in seller-webchat-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ea4f9c784e3e3c7d5f98a2c973d3f87e15ae439cdd4fe1b46362551a22772cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11020 Malicious code in xenoupdater (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a11b67eabd1e2cf8e087541746de507bf4086496e7f122ef544b0e1a91a2053e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10431 Malicious code in ethgass-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e278f81839ea2e511d9b9d90880271f216f0694163070eb39cba33d0fd3e138 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10280 Malicious code in xk6-toml (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551700c0879f93238fce3b7ad7cdbad0c44f8e068838fb16e2078032e964835e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9181 Malicious code in script-updated-gta-5-ragemp-spoofer-hwid-unban-zcnl0m (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00fcb4f478bf592c6510a3d43d07dfc4d63123c22879dd45abe95f02e9b22006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9161 Malicious code in latest-update-my-restaurant-script-h-a-c-k-jd9nxv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa259ca096e2da8913d7e73ec78a1a5d917a209e45c05883679b1b5ea2a1030 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9183 Malicious code in sdk-integration-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03dafa3e57d86169a6645da2a922b01ee1da954a3b98e6cf5c31c63575cdd133 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8968 Malicious code in com.sendbird.chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4ab38916865b3515a3b2abac6563461d11ff5bbd7ccf48a1c05fddb8547ca28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8901 Malicious code in evm-oracle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3c91e468e1cf1503476c51feda4ab0bfb701bc195a5b682801c9182256704b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8880 Malicious code in noblox.js-middleware (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a99f8513da9b2441bf875b756b42f51b9291496d89c61382033c8f734c089a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8867 Malicious code in node-integration-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d6de79c4bf861e69bfe8d180b460e32004ab2e37565da361ba8874d29c6a71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8757 Malicious code in dither-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f09cd477a0368ca1d03c2e29875affc6d0c4da2fd1a7251cebdbf40e872f363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8794 Malicious code in pdm-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...