Malicious code in bui-react-10components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6 The package bui-react-10components was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3804 Malicious code in bui-react-10components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6 The package bui-react-10components was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2025-30706

Malicious code in bioql PyPI...

EUVD-2023-29443

Malicious code in bioql PyPI...

CVE-2025-57946

Cross-Site Request Forgery CSRF vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through = 1.0.73...

CVE-2025-57946

Cross-Site Request Forgery CSRF vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through = 1.0.73...

PT-2025-38796

Name of the Vulnerable Software and Affected Versions payOS versions through 1.0.61 Description A Cross-Site Request Forgery CSRF issue exists in Loc Bui payOS. This allows an attacker to perform actions on behalf of a user without their knowledge. The issue affects payOS versions through 1.0.61...

MAL-2025-3875 Malicious code in bui-react-10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bui-react-10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

CVE-2023-25488

CVE-2023-25488 applies to the WordPress plugin WP Default Feature Image . The connected sources describe a Stored Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 1.0.1.1 . The root cause is an input/processing flaw in the plugin’s default feature image handling ...

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

PT-2023-20106 · WordPress · Duc Bui Quang Wp Default Feature Image

Name of the Vulnerable Software and Affected Versions: Duc Bui Quang WP Default Feature Image plugin versions 1.0.1.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects th...

MAL-2023-280 Malicious code in dow-load-the-best-we-could-do-by-thi-bui-on-ipad-new-format- (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbe34371c86eb25d33028fc43131c1b1b281f7e57986816c88163b17125302b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tinkoff-react-bui/input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f3abba81dd7afefb444eaea1ecbf7340da688924bfac3688c7eb968144bb090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-655 Malicious code in @tinkoff-react-bui/input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f3abba81dd7afefb444eaea1ecbf7340da688924bfac3688c7eb968144bb090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-650 Malicious code in @tinkoff-react-bui/checkbox-boxed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaeb0cc30dd0ebe2f291e5f8800e5e239c91df14eb22ca8ce4140697249acadb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-647 Malicious code in @tinkoff-react-bui/animation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a585bbe295ae8c576090635a2562eb4ca85c55846e2fe6f9b499117dda47cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tinkoff-react-bui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f239b4e149956ae7fcbe368e6040942fc96e8fd6a13a332a4c1e64cffb9747d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-651 Malicious code in @tinkoff-react-bui/click-outside (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d6fd8d87a4337f42d814472a9379a3e44a7a9fa8d60e4957c396d580e0d85dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...