119 matches found
EUVD-2025-7821
Malicious code in bioql PyPI...
FreeBSD : kanboard -- Password Reset Poisoning via Host Header Injection (e26608ff-5266-11f0-b522-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e26608ff-5266-11f0-b522-b42e991fc52e advisory. GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived...
MAL-2025-2227 Malicious code in nyc-config (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83c7949463fd0e15f454229b42a3390cd388e5421cf90b12a13253be059b9792 Any computer that has this package install...
MAL-2025-3944 Malicious code in yxt-factor (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-1541 Malicious code in charts-e2e (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...
MAL-2025-1542 Malicious code in com.adobe.cq.core.wcm.components.content (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...
MAL-2025-1544 Malicious code in sample-notes-application (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...
MAL-2025-1545 Malicious code in testing098765 (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...
MAL-2025-1535 Malicious code in archon1 (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7bb776dd2e73bc0826f47abfa61c8a0116dc3a78fd66b3924379c9971278e3b Any computer that has this package install...
MAL-2025-1537 Malicious code in archon6 (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9926eff92492428efb3018691093b936b8924920a886240875a09cec72235ead Any computer that has this package install...
MAL-2025-1539 Malicious code in my-archon (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7bbe8cfdc04ced4b0dff759d1be7c1edfc86383d562400758b12247002608f Any computer that has this package install...
MAL-2025-1551 Malicious code in explore-assistant (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9e10cb387b2960187d5b207b5b8dd3c8e8583e0c91741a0c4506c05af801ed2 Any computer that has this package installed or running...
MAL-2025-1552 Malicious code in flow-inflation-client (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e8b85d87e86c398459dbc07b5a2b235efca84f069f6656c40462a7c7783c7e2 Any computer that has this package installed or running...
MAL-2025-1554 Malicious code in honeybook-marketing-gatsby (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6a761d9d52123cbe6038ec3bf99541c0d74203f7a450e8149baf18d9ed8fb6b Any computer that has this package installed or running...
MAL-2025-1529 Malicious code in app_custom_pinterest (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6eda30e8662c93eff9aaf1eab0b5e8b94ded5b54ef5e06511df7f16fe714aa9 Any computer that has this package install...
MAL-2025-1530 Malicious code in bm_pinterest (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db53ad3a5da691f044a5de461b6045524d00aa3877c21a780694c922ede4c76a Any computer that has this package install...
MAL-2025-1531 Malicious code in cse-common-arch--long-running-app--create-vm-cf (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0082d72cd8ecadc18bff535a47c4269d9f8ed6d91c6c4a68c6285abf1fe38320 Any computer that has this package install...
MAL-2025-1532 Malicious code in int_pinterest_sfra (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5df2e57eea52ed8dde5d43556a1ba3cf1936fcf242455da6ded7ae795ce25a5c Any computer that has this package install...
MAL-2025-1534 Malicious code in zooplus (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 338ded2323b894429782cac281caf09ea97a7fdd7f43c23a4d058b8947d806cb Any computer that has this package install...
MAL-2025-1523 Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed Any computer that has this package install...