Malicious code in artyfact-storage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e7943603e230dc9bc1cd9f5f44133fe1b4fee90cb69929ae4b0308b61400753 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48536 Malicious code in reactify-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33fa7e90d4152416b1c914f2f869a4b26ea6afb25a672834b497be10bcea138a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hash-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 797126e9eb0f67390ff12806c31b6cca28e65c31d1eb9b186dbb591b0db9c941 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bcrypt-js-edge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bca5605febed4ebf8f03746e572ca1fb05186ff2714f0f1c34842fc4858f9fa7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in stram-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 436c6121e283f5f6356fb575e1569411bd6123e6621dba3acec5df01273b5f70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in package-f (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1deec43d176fc23dbd4cb44b3e1d4e90821cb98e441004f83c872d49ca281ac9 Any computer that has this package installed or running should be considered...

CVE-2025-10581

CVE-2025-10581 describes a potential DLL hijacking vulnerability in Lenovo PC Manager that could allow a locally authenticated user to execute code with elevated privileges. The Red Hat, ENISA, NVD and other feeds align on the same description. Technical details in the connected sources specify t...

EUVD-2025-34616

A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges...

Malicious code in cryptocom-private-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c127979ce2c818c0baa9e2f6212dc73783686c797a35b3e63148a4815325de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48415 Malicious code in scouthus921 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2e34a89c347498d30a051b684807d976b3a5384c3f333621359e5a0fc90c8ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Computer Laboratory System SQL Injection Vulnerability

Computer Laboratory System is a computer laboratory system. The Computer Laboratory System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the password field of the login page, which can be exploited by an attacker to...

MAL-2025-48409 Malicious code in internal-greeter-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aba71c91c57a929f6d02d2775a1e431ee72be5d4e13215c18875202086b0c4e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48411 Malicious code in private-callout-queue (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7962ea070e8c6d0dc03b62736d3b83c52ac2367d2f5949252c86fa295aac63b2 Any computer that has this package installed or running should be considered...

Malicious code in debug-mj (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f60289f1a0f9296cf8aa9ed744c256c0963a95dc751ff52a708d2676d14825a Any computer that has this package installed or running should be considered...

HackWorld: Evaluating Computer-Use Agents on Exploiting Web Application Vulnerabilities

Web applications are prime targets for cyberattacks as gateways to critical services and sensitive data. Traditional penetration testing is costly and expertise-intensive, making it difficult to scale with the growing web ecosystem. While language model agents show promise in cybersecurity, moder...

MAL-2025-48326 Malicious code in internallib_v190 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75787b9471cecb41a09915fbec6bf00bf40073c0f2da3ad342ee9fb1c83a366c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in internallib_v838 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9a033080221d18397e6453d359fc3e59ebab68f195bd8faa9def63ff1426ca8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in internallib_v190 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75787b9471cecb41a09915fbec6bf00bf40073c0f2da3ad342ee9fb1c83a366c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48325 Malicious code in internallib_v14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa0c771b7ba9e3bf9d3d6ed2cc6755d91123aa014ccfd52b1c6f3f02338ec32e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48345 Malicious code in scr-theme-production (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43b9b215ec9dee5723751b479575e1aacae2e38745b6504033b95b3da6f4f49e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...