Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVE-2025-58991

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

CVE-2025-42918

creationtimestamp| type| source ---|---|--- 2025-09-11 13:37:23+00:00| seen| https://vulnerability.circl.lu/bundle/43ff9e04-da8f-45fe-a06a-e8f9b84a2d14...

CVE-2025-42925

creationtimestamp| type| source ---|---|--- 2025-09-11 13:37:23+00:00| seen| https://vulnerability.circl.lu/bundle/43ff9e04-da8f-45fe-a06a-e8f9b84a2d14...

CVE-2025-42923

creationtimestamp| type| source ---|---|--- 2025-09-11 13:37:23+00:00| seen| https://vulnerability.circl.lu/bundle/43ff9e04-da8f-45fe-a06a-e8f9b84a2d14...

CVE-2025-42915

creationtimestamp| type| source ---|---|--- 2025-09-11 13:37:23+00:00| seen| https://vulnerability.circl.lu/bundle/43ff9e04-da8f-45fe-a06a-e8f9b84a2d14...

Malicious code in @flashbotts/ethers-provider-bundle (npm)

The package @flashbotts/ethers-provider-bundle was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88980ba81c782cffc6fd3ec8404e5c34d79fe5ae04b08f979135e503c9b01c4f Any computer that has this package installed or running should be...

MAL-2025-47028 Malicious code in @flashbotts/ethers-provider-bundle (npm)

The package @flashbotts/ethers-provider-bundle was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88980ba81c782cffc6fd3ec8404e5c34d79fe5ae04b08f979135e503c9b01c4f Any computer that has this package installed or running should be...

Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system...

Linux Distros Unpatched Vulnerability : CVE-2016-1000006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions. CVE-2016-1000006 Note that Nessus relies on the...

Deserialization of Untrusted Data

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the bundle/scripts.py file, which uses torch.load with weightsonly=True parameter. An attacker can execute arbitrary commands by...

CVE-2025-58991

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

CVE-2025-58991

The CVE-2025-58991 entry documents a CSRF vulnerability in the WooCommerce Booking Bundle Hours WordPress plugin that can lead to Stored XSS. Affected software: WooCommerce Booking Bundle Hours (versions up to 0.7.4). Root cause: cross-site request forgery enabling stored XSS payloads. Impact is ...