14 matches found
MAL-2025-6300 Malicious code in player-component (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5250 Malicious code in nstmrt-stf-api-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 29e69957371cd4fe181aa65e4f774a3c807e8ff11ebda5f2226dd881f89961ae The OpenSSF Package Analysis project identified 'nstmrt-stf-api-poc' ...
MAL-2025-2732 Malicious code in @johndeere-tech/helios-mat-styles (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226a36baff3a45f171643849384a2b5ba6f9120f2a98d58b2589fc9381fc1c8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1567 Malicious code in morganstanley.github.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da18628bae17a4b84b5818efb61d96bb37f0cddacea85240fbf4856ff0340353 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-37 Malicious code in shopify-ecommerce-shopping-cart (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a28c4bb6f1ccd57758357f7949eda10b66b8dcc6c7249a4b0756f28d5517369 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12121 Malicious code in solidity-ibc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1a13b5de5d7c8bba62c5cfaa0a0c0b7044cfee854154b9fa3db8c6cbdaf1361 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10358 Malicious code in lightseeq (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3d14d6932bfe1a879a7af0d37aa99c04a96678783d745e6587d5c95c39086e09 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-8840 Malicious code in @rev-mfe-temporary/notifications (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2b3170fbfade03c948cc6c4c0277298ef23655213b9a5faa5212a02cbb80b465 The OpenSSF Package Analysis project identified '@rev-mfe-temporary/notifications' @ 99.50.55 npm as malicious. It is considered malicious...
MAL-2024-8023 Malicious code in artifact-lab-3-package-b6920ef4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0239eb42a339ea04c20285cf4f4fd719e841f19d6e59a2cbb78f6e982fcea446 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-7502 Malicious code in sap-addfolder (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis af86db537f55f314e21a8c060650c331e5118a713a19e91daf36df8b5348b5ab The OpenSSF Package Analysis project identified 'sap-addfolder' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
openSUSE: Security Advisory for hostapd (openSUSE-SU-2020:0222-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2009-4129
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain...
CVE-2009-4129
Technical details about CVE-2009-4129 are not publicly provided in the supplied documents. No concrete information on affected products, versions, impact, or fixes is present here. Monitor for updates from official advisories and vulnerability feeds.
CVE-2005-4685
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a...