EUVD-2025-35772

Malicious code in deviceconnect npm...

Malicious Package

Overview deviceconnect is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-48564 Malicious code in deviceconnect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6c1a3984e1cb71a8f8426b3963787a49a096ce770bcabde9e63ca51fa5007e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in deviceconnect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6c1a3984e1cb71a8f8426b3963787a49a096ce770bcabde9e63ca51fa5007e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2022-33890

Malicious code in bioql PyPI...

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

Cross site scripting

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

CVE-2022-29555

CVE-2022-29555 affects the Deviceconnect microservice (Northern.tech Mender Enterprise) up to version 1.3.0, prior to 3.2.2, enabling Cross-Origin Websocket Hijacking. Attack vector is network; CVSSv3 base score 8.8 (HIGH) with UI required. Remediation: upgrade to Mender Enterprise 3.2.2 or later...

Northern.tech Mender Enterprise 跨站请求伪造漏洞

Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...