1634 matches found
Malicious code in example-app-node (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in example-yarn (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-655 Malicious code in example-yarn (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-654 Malicious code in example-app-node (npm)
The package communicates with a domain associated with malicious activity...
NEXT-EMP 1.0 Shell Upload Vulnerability
Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Impact: What kind of vulnerability is it? Who is impacted? If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of Kubernetes secrets would have been disclosed in the audit messages. Patches: Has the problem been patched? What versions should use...
GHSA-HCR5-WV4P-H2G2 kube-audit-rest's example logging configuration could disclose secret values in the audit log
Impact: What kind of vulnerability is it? Who is impacted? If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of Kubernetes secrets would have been disclosed in the audit messages. Patches: Has the problem been patched? What versions should use...
DFG JIT Use-After-Free
DFG's doesGC is incorrect about the HasIndexedProperty operation's behavior on StringObjects. This can lead to a use-after-free condition. See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR...
Exploit for Server-Side Request Forgery in Havocframework Havoc
CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...
Malicious code in core-example (npm)
Source: ghsa-malware 5ef412a8312b13b80beb12231488912f1488467e51c76b84f58deacd8e57488c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-176 Malicious code in core-example (npm)
Source: ghsa-malware 5ef412a8312b13b80beb12231488912f1488467e51c76b84f58deacd8e57488c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-23808
Cross-Site Request Forgery (CSRF) vulnerability in Dutch van Andel Custom List Table Example (custom-list-table-example) allows Reflected XSS. This issue affects Custom List Table Example: from n/a through 1.4.1...
CVE-2025-23808
CVE-2025-23808 affects the WordPress plugin Custom List Table Example. The issue is described as CSRF leading to a reflected XSS, with a CVSS v3.1 base score of 7.1 (HIGH). Exploitation details, affected versions (from n/a through 1.4.1), and the reported status indicate this is a CSRF-to-reflect...
WordPress plugin Custom List Table Example cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Custom Li...
Malicious code in example-app-next (npm)
Source: ghsa-malware 2be5a6457ed09a44d55d954a5176fe895a1cd866bf1ca6f3b6e20a105121f0ff. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-87 Malicious code in example-app-next (npm)
Source: ghsa-malware 2be5a6457ed09a44d55d954a5176fe895a1cd866bf1ca6f3b6e20a105121f0ff. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-4774 · Unknown · Next-Forge
Name of the Vulnerable Software and Affected Versions: next-forge (affected versions not specified). Description: The issue concerns a Next.js project boilerplate for modern web applications. A BASEHUB TOKEN is committed in the apps/web/.env.example file. Users are advised to avoid using this token...
[SECURITY] Fedora 40 Update: mupdf-1.24.6-2.fc40
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Tsinghua Unigroup Archives Management System security vulnerability
Tsinghua Unigroup Archives Management System is an electronic archives management system software from Tsinghua Unigroup China. A security vulnerability exists in Tsinghua Unigroup Archives Management System version 3.2.21080262532, which originates from a path traversal caused by the parameter...
Malicious code in byted-example (npm)
Source: ghsa-malware 601d1b950741fa25c188fd49b91f64f95cd11170ccea1ac1e731ba8dee490ef6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...