MAL-2025-16701 Malicious code in cedrus-example-loader (npm)

The package cedrus-example-loader was found to contain malicious code...

MAL-2025-20032 Malicious code in example-ethers-v4 (npm)

The package example-ethers-v4 was found to contain malicious code...

MAL-2025-7111 Malicious code in @bazel-example/vue-library (npm)

The package @bazel-example/vue-library was found to contain malicious code...

MAL-2025-19824 Malicious code in eslint-config-colourbox-example (npm)

The package eslint-config-colourbox-example was found to contain malicious code...

MAL-2025-30999 Malicious code in qdrant-node-js-basic-example (npm)

The package qdrant-node-js-basic-example was found to contain malicious code...

MAL-2025-15689 Malicious code in binary-install-example (npm)

The package binary-install-example was found to contain malicious code...

MAL-2025-32502 Malicious code in rso-example-app (npm)

The package rso-example-app was found to contain malicious code...

Malicious code in geospatial-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74393d640797f18f4e110cfb20f3f2be681c867e2383cfa386f78a3fad2065f8 The OpenSSF Package Analysis project identified 'geospatial-example' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6874 Malicious code in geospatial-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74393d640797f18f4e110cfb20f3f2be681c867e2383cfa386f78a3fad2065f8 The OpenSSF Package Analysis project identified 'geospatial-example' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

PT-2025-34323 · Pypi · Litestar

Summary Litestar does not escape url paths when logging exceptions. This makes logger vulnerable to CRLF injection if logging level is configured to debug or log exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details Litestar directly formats...

Onion Site Template 信任管理问题漏洞

Onion Site Template is a self-hosted example from Vessel9817 Individual Developer. Onion Site Template suffers from a trust management issue vulnerability that stems from the inclusion of a fixed tor mirror, which could lead to a compromised website...

br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +25 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (>=1.3.10 <=1.3.8)

org.apache.struts:struts-extras MAVEN version =1.3.10, =2.0.0, =1.2.1, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =2.1.1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2025-54656 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-11502096...

CVE-2025-43240

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated...

Malicious code in ethical-ping-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-6720 Malicious code in ethical-ping-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

JavaDeserH2HC

This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...

TelegAI Cross Site Scripting

TelegAI, a web application for constructing and chatting with AI Characters, is vulnerable to persistent cross site scripting vulnerabilities in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SV...

Malicious code in pxsceneui-example-03 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2056080eb99ee23c3a6b2689ac55d696a6b788fb2030a60415a006ee3ab16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5950 Malicious code in pxsceneui-example-03 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2056080eb99ee23c3a6b2689ac55d696a6b788fb2030a60415a006ee3ab16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

HASSLE: a Self-Supervised Learning Enhanced Hijacking Attack on Vertical Federated Learning

Vertical Federated Learning VFL enables an orchestrating active party to perform a machine learning task by cooperating with passive parties that provide additional task-related features for the same training data entities. While prior research has leveraged the privacy vulnerability of VFL to...