327 matches found
Malicious code in @lir-portal/web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cc9f2fe6ad0219df5db208b736cb45305b7e7062ec9d66a3316427e050989f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3964 Malicious code in @antv/g-web-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-web-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +7 more potentially affected by unknown CVE via @antv/g-shader-components (>=2.0.0 <=2.0.1-beta.0)
@antv/g-shader-components NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3961...
Malicious code in mimecast-web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 31248312aa36cca999d7f40ba478d484be495b350e0858850baf3a9a6bf15630 The OpenSSF Package Analysis project identified 'mimecast-web-components' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2026-3618 Malicious code in mimecast-web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 31248312aa36cca999d7f40ba478d484be495b350e0858850baf3a9a6bf15630 The OpenSSF Package Analysis project identified 'mimecast-web-components' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2026-42224
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...
CVE-2026-42224
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...
CVE-2026-42224 ipl/web is vulnerable to reflected XSS by malformed search requests
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...
PT-2026-24486
Name of the Vulnerable Software and Affected Versions Umbraco versions 16.2.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco is an ASP.NET CMS. An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. The issue stems from an...
EUVD-2021-23769
Malware in sbrugna...
EUVD-2019-14918
Malware in sbrugna...
EUVD-2021-23770
Malware in sbrugna...
EUVD-2021-23771
Malware in sbrugna...
EUVD-2021-23772
Malware in sbrugna...
EUVD-2021-23768
Malware in sbrugna...
EUVD-2002-0853
Malware in sbrugna...
EUVD-2002-0719
Malware in sbrugna...
EUVD-2024-2675
Malicious code in bioql PyPI...
EUVD-2022-4061
Malicious code in bioql PyPI...