1634 matches found

OSSF Malicious Packages
added 2025/02/28 3:57 p.m. | 4 views

Malicious code in js-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc4563d5bd3e84486a04f455708e6480fadf633778880ca2710f2778aafad55c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
Packet Storm
added 2025/02/28 12:0 a.m. | 352 views

Firefox 135.0.1 Download Stresser

Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser.
Exploit Title: Firefox 135.0.1 bypass Download protections PoC
Date: 2025-02-28
Exploit Author: Emiliano Febbi
Vendor Homepage:...

7 AI score
Exploits: 0
Snyk
added 2025/02/14 7:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC: Create a malicious label conf...

6.1 CVSS | 5.3 AI score | 0.01778 EPSS
Exploits: 2 | References: 2
OSV
added 2025/02/14 3:23 p.m. | 9 views

GHSA-WPQ5-3366-MQW4 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Description: Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...

6.1 CVSS | 6.3 AI score | 0.01778 EPSS
Exploits: 2 | References: 4
Zero Science Lab
added 2025/02/13 12:0 a.m. | 297 views

ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration

Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/02/07 6:7 a.m. | 5 views

Malicious code in afip-example-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af458f37f8afe450febaa14d76f15345bc5fe0f83c274593a481ac82dcc0bad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 3
OSV
added 2025/02/07 6:7 a.m. | 4 views

MAL-2025-1240 Malicious code in afip-example-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af458f37f8afe450febaa14d76f15345bc5fe0f83c274593a481ac82dcc0bad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 3
AstraLinux
added 2025/02/06 4:28 p.m. | 1 views

Astra Linux - vulnerability in runc

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8 CVSS | 6.7 AI score | 0.00386 EPSS
Exploits: 0 | References: 2
vulnersOsv
added 2025/02/04 12:30 p.m. | 6 views

com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)

org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.250 and more Source cves: CVE-2025-23015 Source advisory:...

8.8 CVSS | 7.6 AI score | 0.00877 EPSS
Exploits: 0
OSSF Malicious Packages
added 2025/02/03 5:25 p.m. | 3 views

Malicious code in example-advanced (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe22841f48a20657900f7b7c76268c6243981bb55e440bc22345c6b8831d42f6 Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0 | References: 3
OSV
added 2025/02/03 5:25 p.m. | 2 views

MAL-2025-1217 Malicious code in example-advanced (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe22841f48a20657900f7b7c76268c6243981bb55e440bc22345c6b8831d42f6 Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/02/03 9:1 a.m. | 3 views

Malicious code in ton-payment-channels-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9e7497de28b982ff9a30a2d494d34eca9c190bba81a330f16ca8cdf7955e20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/02/03 9:1 a.m. | 5 views

Malicious code in lge-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50473c9040c0e421b0ed196c99328de623d76a92ca2a5585abbb9e95c71e33c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/02/03 9:1 a.m. | 3 views

Malicious code in webhook-example-coinbase-commerce-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/02/03 9:1 a.m. | 5 views

MAL-2025-1196 Malicious code in webhook-example-coinbase-commerce-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/02/03 8:21 a.m. | 4 views

Malicious code in deferred-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38dc68c75cb202e1290f22eb1e64cef5c216402392a2e18f51514c56b50134de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/02/03 8:21 a.m. | 3 views

Malicious code in paytm-blink-checkout-vue2-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 385d687658556da26e8a2d0bb6c9e941618705df2a677b38734b42ee715d7c5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 3
OSV
added 2025/02/03 8:21 a.m. | 2 views

MAL-2025-1108 Malicious code in deferred-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38dc68c75cb202e1290f22eb1e64cef5c216402392a2e18f51514c56b50134de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/01/31 3:1 a.m. | 1 views

Malicious code in flux-example-chat (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25c56a7bd2b361d914ee94cd9ec12e8fe10e84358352b4cab6490131e216dbad Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0 | References: 1
OSV
added 2025/01/31 3:1 a.m. | 3 views

MAL-2025-707 Malicious code in flux-example-chat (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25c56a7bd2b361d914ee94cd9ec12e8fe10e84358352b4cab6490131e216dbad Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0 | References: 1