8 matches found
MAL-2026-6303 Malicious code in react-simple-utils-kit (npm)
Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...
Acer M6E Security Vulnerability
The Acer M6E is a portable 5G mobile hotspot device produced by Acer of Taiwan, China. The Acer M6E has a security vulnerability that stems from an IDOR vulnerability in the summary service endpoint. The endpoint fails to verify the user's ownership of the hardware serial number,...
vpn_exploitation_tool
AD + Citrix VPN Data Harvester. Modular Java tool for testing...
Malicious code in solanacore (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.
PT-2024-40533 · Microsoft +2 · Windows +2
Name of the Vulnerable Software and Affected Versions: gratient version 0.5 Description: The issue concerns a user-facing library used for generating color gradients of text, which contained obfuscated, malicious code in version 0.5. This malicious code targets Windows platforms, harvesting...
PT-2024-40896 · Microsoft +2 · Windows +2
Name of the Vulnerable Software and Affected Versions: gratient version 0.5 Description: The issue concerns malicious code embedded in the library, which targets Windows platforms. This code is capable of harvesting information and credentials from the user's system and sending them to a remote...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin,...
data-harvest.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-691655

Description| Value
---|---
Affected Website:| data-harvest.co.uk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidd...