4194 matches found
Malicious code in solana-dexco-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c85fd31c83f8c435f8ac1833cf404a39af10af647c6305eab6e8ff993eadf9a The package solana-dexco-basic was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: solana-dexco-basic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-192374 Malicious code in solana-dexco-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c85fd31c83f8c435f8ac1833cf404a39af10af647c6305eab6e8ff993eadf9a The package solana-dexco-basic was found to contain malicious code. Source: ghsa-malware...
[SECURITY] Fedora 43 Update: ubertooth-2020.12.R1-24.fc43
Project Ubertooth is an open source wireless development platform suitable for Bluetooth experimentation. Ubertooth ships with a capable BLE (Bluetooth Smart) sniffer and can sniff some data from Basic Rate (BR) Bluetooth Classic connections...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
Your Data Might Determine How Much You Pay for Eggs
A newly enacted New York law requires retailers to say whether your data influences the price of basic goods like a dozen eggs or toilet paper, but not how...
axios-basic-logger (=1.0.0), react-micromodal.js (=1.0.0) potentially affected by unknown CVE via pico-uid (=1.0.2)
pico-uid NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on pico-uid and may be impacted: - axios-basic-logger =1.0.0 - react-micromodal.js =1.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-PICOUID-14103684...
Flowise Custom MCP Remote Code Execution
This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and use exploit/multi/http/flowisecustommcprce msf exploitflowisecustommcprce show targets ...targets... msf exploitflowisecustommcprce set TARGET msf exploitflowisecustommcprce show options ...show and...
TencentOS Server 4: skopeo (TSSA-2025:0634)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0634 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
HSEC-2023-0005 tls-extra: certificate validation does not check Basic Constraints
tls-extra does not check the Basic Constraints extension of a certificate in certificate chain processing. Any certificate is treated as a CA certificate. As a consequence, anyone who has a valid certificate can use it to sign...
We opened a fake invoice and fell down a retro XWorm-shaped wormhole
Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat. What it does If the recipient had opened the attached Visual Basic Script .vbs file, it woul...
EUVD-2025-117509
Malicious code in basic-green-mollusk npm...
MAL-2025-138593 Malicious code in basic-green-mollusk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c27433f0fa6bf15c5f4060e5f50fb47748d2d2ccdf05579f278a8b6f6d3accb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EulerOS 2.0 SP12 : cups (EulerOS-SA-2025-2350)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthTyp...
EulerOS 2.0 SP12 : cups (EulerOS-SA-2025-2319)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthTyp...
EUVD-2025-101211
Malicious code in basicotterz3n npm...
EUVD-2025-93075
Malicious code in basiclandfowlz3n npm...
EUVD-2025-93076
Malicious code in basicgalliformz3n npm...
EUVD-2025-74958
Malicious code in basicmarmot-appteadev npm...
Malicious code in basic_marmot-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb53d5664a8c6cf78a1356b5a065d3d3ef2ca9240d184de6a118f69d457689c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...