22 matches found
EUVD-2025-202379
Malicious code in vue2-amis-custom-widget-pro npm...
Malicious code in vue2-amis-custom-widget-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c676b8d3fdeb2773313404ba039b4e2162b5e516e6938db609188c352f319cc8 The package vue2-amis-custom-widget-pro was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192423 Malicious code in vue2-amis-custom-widget-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c676b8d3fdeb2773313404ba039b4e2162b5e516e6938db609188c352f319cc8 The package vue2-amis-custom-widget-pro was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202378
Malicious code in vue2-amis-custom-widget123 npm...
Malicious code in vue2-amis-custom-widget123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027b467c811b36f60dc7589ccd8251ffc56de7f40345d6a471a3a550a2a8df7e The package vue2-amis-custom-widget123 was found to contain malicious code. Source: ossf-package-analysis...
AWS VDP: Private AWS AMIs are temporarily being exposed publicly
Temporary public exposure of private AWS AMIs was discovered. Multiple AMIs with internal AWS-related content were found in the public AMI community catalog, but were quickly removed. An EC2 instance was successfully created using one of the exposed AMIs, revealing the presence of undocumented...
Malicious code in amis-widget333 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f509676bdf1121ae9f9053091311b63ada66c411a1e791754de5bdda100eeb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amis-widget77777 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d942d0ef0acfd81130cbd80a7296143bb7e3fd2bd08430bdaeefddea85c72c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2089 Malicious code in amis-widget77777 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d942d0ef0acfd81130cbd80a7296143bb7e3fd2bd08430bdaeefddea85c72c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2088 Malicious code in amis-widget333 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f509676bdf1121ae9f9053091311b63ada66c411a1e791754de5bdda100eeb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amis-test1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 907fed13cac56efe0df742c4ebb89e8e62fd4df5e4d284ebc7dd48a848a0647d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue2-amis-custom-widget-k (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7995bc4ce2d3fd487e75baadf8d21d894607e1f79d0142c3aed2ed6c5bf88136 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1310 Malicious code in vue2-amis-custom-widget-k (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7995bc4ce2d3fd487e75baadf8d21d894607e1f79d0142c3aed2ed6c5bf88136 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1311 Malicious code in vue2-amis-custom-widget-kk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de21054a3b5e13b8447bf6f0be9f2fe496ccdc7a29fd73162292d1373ed8437f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
amis-saint-andre.com Cross Site Scripting vulnerability OBB-3898763
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
amis-talleyrand.org Cross Site Scripting vulnerability OBB-3860083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
amis-gendarmerie.com Cross Site Scripting vulnerability OBB-3118657
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)
Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)
Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
Researchers Sound Alarm Over Malicious AWS Community AMIs
Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Image...