1058 matches found
EUVD-2022-5930
Malicious code in bioql PyPI...
EUVD-2022-6244
Malicious code in bioql PyPI...
EUVD-2024-29930
Malicious code in bioql PyPI...
EUVD-2022-39140
Malicious code in bioql PyPI...
corosync security update
An update is available for corosync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync packages provide the Corosync Cluster Engine and C APIs for...
CLSA-2025-1759413150 openexr: Fix of CVE-2024-31047
CVE-2024-31047: fix denial of service issue in convert function of exrmultipart.cpp...
WordPress Rock Convert plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Rock Convert versions = 3.0.1...
ncurses: segfaulting OOB read
A segmentation fault vulnerability was found in ncurses's convertstrings function of tinfo/readentry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error...
SUSE SLES12 Security Update : openjpeg2 (SUSE-SU-2025:03353-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03353-1 advisory. - CVE-2018-18088: Fixed NULL pointer dereference in the imagetopnm function of jp2/convert.c bsc1111638. Tenable has extracted the preceding descripti...
SUSE-SU-2025:03353-1 Security update for openjpeg2
This update for openjpeg2 fixes the following issues: - CVE-2018-18088: Fixed NULL pointer dereference in the imagetopnm function of jp2/convert.c bsc1111638...
CVE-2025-59162
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
GHSA-PXX3-G568-HXR4 [email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
CVE-2025-59162
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
Embedded Malicious Code
Overview color-convert is a malicious package. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present. Once triggered, it intercepts and alters...
CVE-2025-59162 [email protected] contains malware after npm account takeover
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
CVE-2025-59162
CVE-2025-59162 affects color-convert.js (package color-convert) with version 3.1.1, where a malware payload was introduced after an npm account takeover. The malicious code targets browser contexts (e.g., direct script tags or bundlers like Babel/Rollup/Vite/Next.js) to redirect cryptocurrency tr...
CVE-2025-59162 [email protected] contains malware after npm account takeover
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
color-convert 安全漏洞
color-convert is a color conversion function in JavaScript by Josh Junon Personal Developer. A security vulnerability exists in color-convert version 3.1.1, which stems from malicious code implanted after a phishing attack on an account, and could lead to the redirection of cryptocurrency...
Malicious Package
Overview @js-to-lua/convert is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...