141 matches found
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
Malicious code in ts-einkle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...
MAL-2026-6504 Malicious code in openblox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...
MAL-2026-6357 Malicious code in theme-color-picker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...
Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
MAL-2026-6225 Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
Malicious Package
Overview ratelimitsucks1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview ishowfeet13 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview nottuff22 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview abuden22 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview abuden221 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview nottuff18 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview abuden28 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview ratelimitsucks4 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview nottuff21 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview speed3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview omgyesyesyes is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview nottuff13 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview ratelimitsucks9 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...