MAL-2026-5652 Malicious code in theta-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbfa69ed41fd4cfb88637f2f5765174105f8c4eb42d4f433fdd05d642e664fa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-822 Malicious code in react-svg-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192967 Malicious code in eb-csr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bde17b1e5e6a9e071d031714e31335d93e040635afe32c1cb655b8892e8e2d3b The package eb-csr was found to contain malicious code. Source: ghsa-malware 633a3693267851fd0c8eeee4cfc971fd7009c5c128d6a9ac0392d6ded3a8614f Any...

Malicious code in xvxx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049f454684721f33ed5708e112fc16145101616f1e86764d11c1768029a10902 The package xvxx was found to contain malicious code. Source: ghsa-malware 4aa766b9a17bf9902632fb988d91f1bf9e7bd4d3ef713fed70b0b3187f67d00b Any...

MAL-2025-49050 Malicious code in transform-react-jsx-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48576 Malicious code in mender-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a1362b58dc19a9ff29ea00a5ac5b634c3b6aa179242d6cfd3daf6efedfac50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-base-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8582e0acc5f7199f1f7af95aaad0689d758cd9b4cd7110c3d2291ff6751eb5da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-25382 · WordPress · Wp Travel Engine

Name of the Vulnerable Software and Affected Versions: The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress versions up to, and including, 6.5.1 Description: The issue is related to a missing capability check on the delete package function, allowing...

CVE-2025-4488

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to sql injection. The attack can be launched...

itsourcecode Gym Management System 注入漏洞

itsourcecode Gym Management System is an open source gym management system by itsourcecode. An injection vulnerability exists in itsourcecode Gym Management System version 1.0, which originates from an SQL injection caused by a parameter ID operation in the file /ajax.php?action=deletepackage...

Malicious code in podium-pride (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5abcc917b2c3c387cbb0096d57ec3b264785aa5e13f0fd89e57133b7c30c820c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nayan-api-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3aa649015a7b9b6a0c072dff43fa33c006eb20cdc5039c2ba526d686ec328223 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in svuv9u (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d10f8dd67eadf279ea287de2957730d8a0e580934d01a44a23d868ab3534fdb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-7668

A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function deletepackage of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

PT-2024-38496 · Sourcecodester · Sourcecodester Car Driving School Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0 Description: A critical issue has been discovered, affecting the delete package function of the Master.php file. The manipulation of the id argument leads to SQL injection. This...

Malicious code in wlwz-2312-8008 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bc332f6f9feb05f866632a1d6c04a6167c381585faa7507662e4d6ba2de8398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-4200 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8aca3b5385fea043f992949ee07e3e691da47280b01692b37c3d28e1d6104326 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-5799

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them...

Malicious code in sample-app-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a7432b767dd8bf532a686b3a40add828170682af3dcfdcab09c7d7a012a83e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...