Malicious code in example-backend (npm)

The package example-backend was found to contain malicious code...

MAL-2025-41980 Malicious code in example-backend (npm)

The package example-backend was found to contain malicious code...

Malicious code in example-subscriptions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-41808 Malicious code in example-subscriptions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

Malicious code in example-multipass (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8ecd17d835fed194bf6392aca9f2fe17844a455e585ae06161bb8a41ad9748d The OpenSSF Package Analysis project identified 'example-multipass' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2025-41807 Malicious code in example-multipass (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8ecd17d835fed194bf6392aca9f2fe17844a455e585ae06161bb8a41ad9748d The OpenSSF Package Analysis project identified 'example-multipass' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in example-hydrogen-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 72ac17540d8cc94d193119aebd535f4becbc637bd1942a5b02a51550239e23c8 The OpenSSF Package Analysis project identified 'example-hydrogen-express' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-41806 Malicious code in example-hydrogen-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 72ac17540d8cc94d193119aebd535f4becbc637bd1942a5b02a51550239e23c8 The OpenSSF Package Analysis project identified 'example-hydrogen-express' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-41587 Malicious code in onnxruntime-reactnative-example (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in fluxible-router-example (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41566 Malicious code in fluxible-router-example (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flux-example-todo (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41565 Malicious code in flux-example-todo (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flux-example-routing (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41564 Malicious code in flux-example-routing (npm)

--- -= Per source details. Do not edit below this line.=-...

Exploit for CVE-2017-0144

Metasploit Framework Cheatsheet Introduction Metasploit i...

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

CVE-2025-30064

Technical details about CVE-2025-30064 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; current sources do not reveal affected products, versions, or remediation steps.

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

PT-2025-34858 · Unknown · Verifyuserbythrustedservice

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3 Description: An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. An attacker can use th...