1622 matches found
MAL-2025-2319 Malicious code in ledger-node-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7407ff449f6702424fde06ca2cab289054c649439e98f9b863029a985e8cfcf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ledger-node-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7407ff449f6702424fde06ca2cab289054c649439e98f9b863029a985e8cfcf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2263 Malicious code in linear-file-upload-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aef3f24b1e992b4ea2859eb439304d2d1ace859ae0cfd7581f2b0714bed88fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in psd2-registration-example-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25af145935a5862c0a59e1214fee5a5bac0c1a1a7dab55da992f29b8bfa68131 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in example-nodejs-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb2351b3777bfaea370237b22b5155a53e293162cb01bca791717b05107a4b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-textfit-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd133ed4ff9a23964d050578a197c7d8d9a45ba07d60f2d3b031b350bae49370 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2257 Malicious code in example-nodejs-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb2351b3777bfaea370237b22b5155a53e293162cb01bca791717b05107a4b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
War-FTPD 1.65 Denial of Service
War-FTPD version 1.65 proof of concept denial of service exploit that leverages a vulnerability originally discovered in 2024 by Fernando Mengali. | Title ...
Apache NiFi 0.0.2 Remote Code Execution
Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. | Title : Apache NiFi 0.0.2 RCE...
MAL-2025-1583 Malicious code in example-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8f7b351d38960b71f0f51ada047da6ff08501cd8f58b679cbfd6e8c5cc7b032 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in js-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc4563d5bd3e84486a04f455708e6480fadf633778880ca2710f2778aafad55c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Firefox 135.0.1 Download Stresser
Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...
Cross-site Scripting (XSS)
Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC: Create a malicious label conf...
GHSA-WPQ5-3366-MQW4 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Description Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...
ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
MAL-2025-1240 Malicious code in afip-example-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af458f37f8afe450febaa14d76f15345bc5fe0f83c274593a481ac82dcc0bad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in afip-example-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af458f37f8afe450febaa14d76f15345bc5fe0f83c274593a481ac82dcc0bad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux - vulnerability in runc
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)
org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.248 and more Source cves: CVE-2025-23015 Source advisory:...
Malicious code in example-advanced (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe22841f48a20657900f7b7c76268c6243981bb55e440bc22345c6b8831d42f6 Any computer that has this package installed or running should be considered...