MAL-2026-5085 Malicious code in web3-config-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview web3-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in web3-config-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview workspace-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2026-4284 Malicious code in workspace-config-loader (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

Malicious code in workspace-config-loader (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

Malicious Package

Overview github.com/BufferZoneCorp/config-loader is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...

MAL-2026-3620 Malicious code in github.com/BufferZoneCorp/config-loader (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

Malicious code in github.com/BufferZoneCorp/config-loader (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

EUVD-2025-176856

Malicious code in quark-eslint-config-materialize-css-loader npm...

MAL-2025-17771 Malicious code in cs-config-loader (npm)

The package cs-config-loader was found to contain malicious code...

Malicious code in cs-config-loader (npm)

The package cs-config-loader was found to contain malicious code...

Malicious Package

Overview grafana-internal-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

Malicious code in zora-config-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...

MAL-2025-5069 Malicious code in zora-config-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...

PYSEC-2020-341

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...

IdeaCMS microstore config_loader.asp has SQL injection vulnerability

IdeaCMS Micro Mall Management System is a PC+Mobile+WeChat integrated mall system developed by Sampi Network Technology Co. A SQL injection vulnerability exists in IdeaCMS Micro Mall configloader.asp. An attacker can exploit this vulnerability to obtain sensitive information from the database...

Puzzle Apps CMS 3.2 - Local File Inclusion

No description provided by source. ------------------------------------------------------------------------ Software................ Puzzle Apps CMS 3.2 Vulnerability........... Local File Inclusion Site.................... http://www.puzzleapps.org/ Download Link...

CVE-2013-2086

The CVE-2013-2086 issue affects ownCloud 5.0.x prior to 5.0.6, where the configuration loader writes CSRF tokens (and other private data) into an accessible JavaScript file. This leakage enables remote attackers to obtain CSRF tokens and other sensitive information, per the official advisory and ...

Puzzle Apps CMS 3.2 Local File Inclusion

------------------------------------------------------------------------ Software................ Puzzle Apps CMS 3.2 Vulnerability........... Local File Inclusion Site.................... http://www.puzzleapps.org/ Download Link...