40 matches found
CVE-2019-25428 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
PT-2026-20831
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
Malicious code in @raux/ra-react-big-calendar (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...
Malicious code in dynamic-import-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...
MAL-2025-49100 Malicious code in dynamic-import-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...
MAL-2025-49098 Malicious code in @dealmgmt/grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3f1e7bb02af2f24d6a057db349128269908eb7e771722c7cf8aa637d3974058a This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...
MAL-2025-49099 Malicious code in @raux/ra-react-big-calendar (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...
MAL-2025-48970 Malicious code in @msdyn365-commerce-marketplace/address-extensions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528dbe993a884d4b4a7005f6f60fb635ad06a01ee31e8cf08c6435b8cfc1277b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-49028 Malicious code in only-warn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf31c0df9e000c5a762fa04ecbaf0f9dd09103bcf544ca0aaebd43193b096a5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2018-11434
Malware in sbrugna...
Malicious code in @js-to-lua/lua-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ddfe717b22bb57e4e1887887c45646abfa625e1d566049a635b86193170cdf9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @dtpk-cc/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b1e4b6fe7f3d42a2752aea1642dd9191f6afeb4dcca96ef97a65b5af5cb192 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @i22/rocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47748ea5218b5ee35bfc50b911a7a41d04d1e19a74832b73679c1c376133dc79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @js-to-lua/fast-follow-commands (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df9453e1ee97636a2ab1a62d9eed556436a2d9c1cd5a551571468cbe3d4e4d93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @foryjs/hps (npm)
The package @foryjs/hps was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0194b673bd924b4e8e007349e2af575df749db95449277785f569eb01e5b2005 This package installs a dependency hosted on a custom domain that runs an inf...
Malicious code in @foryjs/fory (npm)
The package @foryjs/fory was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 37cc85bd94dccf1460d716d3a603bad10397060a4aa5398b42882110d01cb85b This package installs a dependency hosted on a custom domain that runs an in...
Malicious code in google-jsdocless (npm)
The package google-jsdocless was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security f373d78893327920491950970d76c5deb36859c2cbd890bbc815d16536840004 This package installs a dependency hosted on a custom domain that runs a...
MAL-2025-17150 Malicious code in closure-es6 (npm)
The package closure-es6 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e0574a10de5b6d2bca40b32e3869d3a497db2729667e3523f97b8dde3f5846c7 This package installs a dependency hosted on a custom domain that runs an inf...
MAL-2025-14186 Malicious code in airbnb-bundle (npm)
The package airbnb-bundle was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea6660cd54215b1f9c967e8522156e2728e7ebb64ce3d3052d49f3e41bbffd87 This package installs a dependency hosted on a custom domain that runs an...
MAL-2025-19830 Malicious code in eslint-config-googlejs-es6 (npm)
The package eslint-config-googlejs-es6 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8940b7796dc2789fa52ad6b2bff9f902eabc3c074e0146ffa0bf81789cc1d365 This package installs a dependency hosted on a custom domain...