Lucene search
K

863 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.8 views

Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.8 views

MAL-2026-6941 Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.3AI score
Exploits0References2
NVD
NVD
added 2026/07/02 12:17 p.m.9 views

CVE-2026-57748

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57748 WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57748

CVE-2026-57748 describes a Local File Inclusion vulnerability in the WordPress Shopify plugin for Shopify integrations, affecting versions up to 1.0.0. The available sources confirm the vulnerability class and affected product/version, but do not provide explicit root-cause details beyond LFI, ex...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 8:8 a.m.6 views

WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad in WordPress Plugin Shopify versions = 1.0.0...

7.5CVSS5.8AI score0.00284EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55036

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.17 views

Malicious code in @tribe-digital/shopify-starter-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.9 views

MAL-2026-5664 Malicious code in @tribe-digital/shopify-starter-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:18 p.m.18 views

Malicious code in shopify-app-bridge-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21c63417fe3a82fd514d0af7c913fb3c1cd62915839dc8910483fb6484bbbd9 The package's preinstall lifecycle script in package.json runs unconditionally on npm install and issues an HTTPS GET to...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:18 p.m.16 views

MAL-2026-5452 Malicious code in shopify-app-bridge-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21c63417fe3a82fd514d0af7c913fb3c1cd62915839dc8910483fb6484bbbd9 The package's preinstall lifecycle script in package.json runs unconditionally on npm install and issues an HTTPS GET to...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 2:11 a.m.13 views

Malicious code in @tallyui/connector-shopify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 2:11 a.m.8 views

MAL-2026-3516 Malicious code in @tallyui/connector-shopify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 1:43 a.m.22 views

Malicious code in edj-shopify-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e23978c8bb0369f485f8c3e2384f10d9e649d13a3c198475ace4184c3757a5 The package edj-shopify-theme was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 1:43 a.m.16 views

Malicious code in shopify-draggable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f631da0153ed8da6498d0662d71d654389a24327b946635a3664d0de9d20b03f The package shopify-draggable was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/04 1:43 a.m.6 views

Malicious Package

Overview shopify-draggable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/04 1:43 a.m.8 views

Malicious Package

Overview edj-shopify-theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/04 1:43 a.m.6 views

MAL-2026-3277 Malicious code in edj-shopify-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e23978c8bb0369f485f8c3e2384f10d9e649d13a3c198475ace4184c3757a5 The package edj-shopify-theme was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 1:43 a.m.6 views

MAL-2026-3282 Malicious code in shopify-draggable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f631da0153ed8da6498d0662d71d654389a24327b946635a3664d0de9d20b03f The package shopify-draggable was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Hacker One
Hacker One
added 2026/04/26 10:35 p.m.30 views

Shopify: Missing HMAC validation on /uninstall webhook in Shopify/sample-django-app reference template

Repository: https://github.com/Shopify/sample-django-app Description The /uninstall webhook endpoint in sample-django-app processes incoming requests without verifying the X-Shopify-Hmac-Sha256 header. Shopify explicitly requires this validation as a mandatory security measure for all webhook...

5.8AI score
Exploits0
Rows per page
Query Builder