Malicious code in example-vue2-micro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cda06e9583d6e3b61afb6f1134f4d867559022d5844de0fbb5781312b8d5abc The package example-vue2-micro was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192590 Malicious code in example-vue2-micro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cda06e9583d6e3b61afb6f1134f4d867559022d5844de0fbb5781312b8d5abc The package example-vue2-micro was found to contain malicious code. Source: ghsa-malware...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

Command Injection in example_xcom.py via XCom race condition

This report is not public...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the presence of cross-site scripting in the filespdfviewer example directory, which could lead...

EUVD-2025-201106

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...

📄 MobileDetect 2.8.31 Cross Site Scripting

MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...

Malicious code in transparent-example-request99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6678163799dc68caa6452a201456bd093435349d000df2dd5895fbf7b0067b5 The package transparent-example-request99 was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2025-197875

Malicious code in transparent-example-request99 npm...

MAL-2025-190550 Malicious code in transparent-example-request99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6678163799dc68caa6452a201456bd093435349d000df2dd5895fbf7b0067b5 The package transparent-example-request99 was found to contain malicious code. Source: ossf-package-analysis...

BIT-AIRFLOW-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-54941

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the exampledagdecorator function. An attacker can execute arbitrary commands on the worker by supplying a crafted parameter through the UI. Note: This is only exploitable if example DAGs are enabled in production o...

GHSA-V3C9-J6H9-66V4 Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-54941

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-54941

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-54941

The CVE-2025-54941 issue affects Apache Airflow, specifically the example_dag_decorator parameter handling. A non-validated parameter in the example DAG allowed a UI user to redirect to a malicious server and execute code on a worker, but exploitation requires that example DAGs are enabled in pro...

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...