36 matches found

OSSF Malicious Packages
added 2026/05/25 6:12 p.m., 6 views

Malicious code in @databus-service-ui/scroll-up-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2 scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...

5.8 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 2026/05/20 7:31 p.m., 6 views

Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

5.9 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2026/05/19 7:53 p.m., 6 views

Malicious code in zod-to-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0 The package is published as 'zod-to-js' but ships a copy of pino's source tree main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...

6.2 AI score
Exploits 0, References 3

GithubExploit
added 2026/05/18 12:59 a.m., 39 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

10 CVSS, 7.4 AI score, 0.94358 EPSS
Exploits 341

OSV
added 2026/05/14 7:25 p.m., 2 views

MAL-2026-3767 Malicious code in node-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444 On require('node-ci-utils'), index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...

5.9 AI score
Exploits 0, References 1

CNVD
added 2026/01/19 12:0 a.m., 1 views

WordPress SearchWiz plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SearchWiz plugin that stems from the use of esc_attr instead of esc_html to output post titles in search results, whic...

6.4 CVSS, 6 AI score, 0.00016 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-9104

Malware in sbrugna...

8.8 CVSS, 6.6 AI score, 0.01566 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-21839

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00316 EPSS
Exploits 2, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5608

Malware in sbrugna...

6.1 CVSS, 7.8 AI score, 0.02543 EPSS
Exploits 5, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-23508

Malware in sbrugna...

4.8 CVSS, 5.2 AI score, 0.00207 EPSS
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-27990

Malicious code in bioql PyPI...

5.4 CVSS, 5.7 AI score, 0.00258 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-13428

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00306 EPSS
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-6549

Malicious code in bioql PyPI...

5 CVSS, 6.6 AI score, 0.00132 EPSS
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5593

Malicious code in bioql PyPI...

7.5 CVSS, 6.5 AI score, 0.01989 EPSS
Exploits 2, References 8

Github Security Blog
added 2025/07/21 7:4 p.m., 25 views

form-data uses unsafe random function in form-data for choosing boundary

Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...

9.4 CVSS, 7.1 AI score, 0.01319 EPSS
Exploits 1, References 6, Affected Software 1

RedhatCVE
added 2025/06/19 12:8 a.m., 3 views

CVE-2025-45880

A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

6.1 CVSS, 5.8 AI score, 0.00166 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/06/06 11:49 a.m., 6 views

CVE-2025-41365 Code injection vulnerability in IDF and ZLF

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...

5.1 CVSS, 7 AI score, 0.00297 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/06/05 12:0 a.m., 2 views

PT-2025-23906 · Crates.Io · Deno

Summary Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...

5.3 CVSS, 6.8 AI score
Exploits 0, References 3

RedhatCVE
added 2025/05/23 4:11 a.m., 7 views

CVE-2023-39707

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

5.4 CVSS, 5.6 AI score, 0.00241 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/23 2:7 a.m., 5 views

CVE-2023-6367

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to...

7.6 CVSS, 5 AI score, 0.00028 EPSS
Exploits 0, References 1