23 matches found
CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Fulcrum-OSINT-monitor
FULCRUM — Architecture Technique v3.1 Vue d'ensemble FULC...
Malicious Package
Overview web3-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5085 Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview workspace-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in workspace-config-loader (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4284 Malicious code in workspace-config-loader (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious Package
Overview github.com/BufferZoneCorp/config-loader is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...
MAL-2026-3620 Malicious code in github.com/BufferZoneCorp/config-loader (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/config-loader (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
EUVD-2025-176856
Malicious code in quark-eslint-config-materialize-css-loader npm...
Malicious code in cs-config-loader (npm)
The package cs-config-loader was found to contain malicious code...
MAL-2025-17771 Malicious code in cs-config-loader (npm)
The package cs-config-loader was found to contain malicious code...
Malicious Package
Overview grafana-internal-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious code in zora-config-loader (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...
MAL-2025-5069 Malicious code in zora-config-loader (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...
PYSEC-2020-341
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
IdeaCMS microstore config_loader.asp has SQL injection vulnerability
IdeaCMS Micro Mall Management System is a PC+Mobile+WeChat integrated mall system developed by Sampi Network Technology Co. A SQL injection vulnerability exists in IdeaCMS Micro Mall configloader.asp. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Puzzle Apps CMS 3.2 - Local File Inclusion
No description provided by source. ------------------------------------------------------------------------ Software................ Puzzle Apps CMS 3.2 Vulnerability........... Local File Inclusion Site.................... http://www.puzzleapps.org/ Download Link...