Malicious code in recaptcha-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...

MAL-2025-141780 Malicious code in dotenv-safe-ultra-lacerta-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89439455b16a6902882a174b59f5147a826966cbf4cc56cdf6db7f191b9fa72f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Linux Distros Unpatched Vulnerability : CVE-2024-6866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case- insensitive due to the use of the trymatch function, which...

MAL-2025-29313 Malicious code in pipe-cors-public-figures (npm)

The package pipe-cors-public-figures was found to contain malicious code...

MAL-2025-38687 Malicious code in vuetify-proteomics-biohacking-cors (npm)

The package vuetify-proteomics-biohacking-cors was found to contain malicious code...

Debian: Security Advisory (DLA-4197-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2024-6221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior...

Linux Distros Unpatched Vulnerability : CVE-2024-1681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a...

Malicious code in cors-2.8.5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d3ac76cc6d4732cf46e90544d65c4e016ecfe5b8fe92361e1586d61b16a6e26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...