320 matches found
Malicious code in npm-builderio-qwik-poc (npm)
Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...
WebRemoteControl Unauthenticated Remote Filesystem Access
WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...
SUSE CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect...
EUVD-2016-6112
Malware in sbrugna...
EUVD-2016-3865
Malware in sbrugna...
EUVD-2019-3890
Malware in sbrugna...
EUVD-2018-10222
Malware in sbrugna...
EUVD-2021-13394
Malware in sbrugna...
EUVD-2002-0889
Malware in sbrugna...
EUVD-2024-51566
Malicious code in bioql PyPI...
EUVD-2022-41717
Malicious code in bioql PyPI...
EUVD-2024-30954
Malicious code in bioql PyPI...
EUVD-2024-23348
Malicious code in bioql PyPI...
naughty-images
This repository contains a collection of SVG images that exploit the SVG vulnerability in various browsers, allowing for cross-site scripting (XSS) attacks. The images are designed to trigger the vulnerability when loaded in a browser, potentially allowing an attacker to execute malicious code on t...
browsersploit
This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...
PT-2025-34300 · Unknown · Millenium Mp3 Studio
Name of the Vulnerable Software and Affected Versions: Millenium MP3 Studio versions through 2.0 Description: Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application does not properly validate the leng...
CVE-2025-41391
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...
CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata
copyparty is a portable file server. In versions up to and including 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...
CVE-2025-53923
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...