Malicious code in @antv/x6-plugin-dnd (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/x6-plugin-stencil (>=2.1.4 <=2.1.5) +102 more potentially affected by unknown CVE via @antv/x6-plugin-dnd (>=2.0.4 <=2.1.1)

@antv/x6-plugin-dnd NPM version =2.0.4, =1.0.0, =2.1.4, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.7.0, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.3.24 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4102...

Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3196 Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

Malicious Package

Overview react-dnd-legacy-html5-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MAL-2026-657 Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue...

Malicious Package

Overview react-dnd-html5-backend-14 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2025-48394 Malicious code in react-dnd-html5-backend-14 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5cd4573cfbc13b9582d1e56e4560f4e7582760f20173d068752a8d25b97c91 Any computer that has this package installed or running should be considered...

Malicious code in react-dnd-examples-decorators (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b335bf9dc6443f555a9a3ebeeadd7bebecedee805e6bf3c7d0eb551895a34647 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dnd-examples-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f27f948b94d42e5b3e647bbd7de8b0de5848226545b127edd6d08740ec8384aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5639 Malicious code in react-dnd-examples-decorators (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b335bf9dc6443f555a9a3ebeeadd7bebecedee805e6bf3c7d0eb551895a34647 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cross.project.dnd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff9d9c3f7ecfa58a798c74faa13cee022940ba6fa48a4aa293b870efe8de57c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue...

WordPress plugin Drag and Drop Multiple File Upload 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Drag and Drop Multiple File Upload plugi...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

CVE-2017-4901

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...

CVE-2017-4901

The CVE-2017-4901 entry relates to VMware Workstation 12.x (before 12.5.4) and VMware Fusion 8.x (before 8.5.5), where the drag-and-drop (DnD) function has an out-of-bounds memory access vulnerability. The cited sources describe a potential for a guest operating system to execute code on the host...

CVE-2017-4901

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...