130 matches found
PT-2025-43446
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Recommendations: At the...
MAL-2025-46982 Malicious code in supports-hyperlinks (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6b84cdad651002e1e7ef0c1095ad079307474d09b03369f3b025eba0188e377 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in zd-cms (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2cd4b6e5f904d9039529f697c3ca31c5d9f0076ffa83fe179d054059ae14df3e Any computer that has this package installed or running should be considered...
Malicious code in moment-encryption (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff1ffe845cd41861606d3dc20d843dbe68a99b2db1e87c2e012b8a804a78c494 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zzmaliciouspackage (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b6eee7714701896e6638dc9197f76de1edb7e14cb011d48717bfc516b793600 Any computer that has this package install...
Malicious code in apple-utils (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e28a28424c3eb52b6465dc90e9a4baeb05ea21a773f02f424c581a09086337af Any computer that has this package installed or running should be considered...
Malicious code in mattermost-developer-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f5ce1bed6d6701617a1c4d5125a25fb8a534572644617c724fa576c1244ab4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in symphony-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac47d747638835685ead66cf3fe6fc737f93e540093a4f94b0148b45db3c3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50350
LibreNMS exposes a Stored XSS in Port Settings when creating a Port Group via EditPortsController.php. An authenticated user can inject JavaScript into the name field, which executes when the Port Settings page is revisited after the Port Group is added to a device. Impact includes potential sess...
CVE-2024-51381
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an...
MAL-2024-9307 Malicious code in 2mul1k (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da2250b764463375588d49e82f6a7bc6ca0d1831d20fb9daacf172ecb998d267 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-47527
Summary (CVE-2024-47527, LibreNMS) A Stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS, affecting the Device Dependencies feature. The flaw allows an authenticated user to inject arbitrary JavaScript via the device hostname parameter, which can execute in other users’ sessions, p...
MAL-2024-8136 Malicious code in @diotoborg/aperiam-voluptatibus (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e717e1f4318ce646f6ccb8e93e832be8a07e25b7d8f391723e75d2cfd7fe8b02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8638 Malicious code in @diotoborg/soluta-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34af029a53a47bb437e077e1bf87055fb35966441d5d0c0c1fbf2d27ab324486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8400 Malicious code in @diotoborg/laudantium-itaque-esse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88fde04f430067b755b12e6033819aaaa035c46404ed98c443bfbc64f1f18d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-22116
CVE-2024-22116 affects Zabbix: an administrator with restricted permissions can abuse the Script Execution feature in the Monitoring Hosts section by exploiting the Ping script’s parameters, due to missing default escaping. This leads to arbitrary code execution and infrastructure compromise. Pub...
Remote code execution in Spring Cloud Data Flow
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server...
CVE-2024-21157
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
MAL-2024-7433 Malicious code in action-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31baa3db4424164fa3d7884ba12d4c44fdfe3bc4db9eb835121b5adbeb9485db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7186 Malicious code in @zitterorg/earum-harum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d4c73a24d701e3e80887680652851ba5db6d157865b02478f59b852d05380b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...