366 matches found
CVE-2025-12872
The CVE-2025-12872 entry describes a Stored Cross‑Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...
Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated...
CVE-2025-64106
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...
PT-2025-44664
Name of the Vulnerable Software and Affected Versions: ELOG versions prior to 3.1.5-20251014. Description: ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. The application includes usernames and...
Malicious code in shopifyql-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22c1e659f820da451cb67b3bf646d2511ccc31118a06138dbe97687430e7bbb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48401 Malicious code in supplychain-firewall-benchmark-hello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19af5203b034f6420f173bf6e45719afeb28ecfe359a8858cbe814fe3cd55d11 The OpenSSF Package Analysis project identified 'supplychain-firewall-benchmark-hello' @ 1.10.2 npm as malicious. It is considered malicious...
EUVD-2008-0792
Malware in sbrugna...
EUVD-2020-13482
Malware in sbrugna...
EUVD-2020-28391
Malware in sbrugna...
EUVD-2019-1950
Malware in sbrugna...
EUVD-2025-18082
Malicious code in bioql PyPI...
EUVD-2022-45207
Malicious code in bioql PyPI...
EUVD-2023-51115
Malicious code in bioql PyPI...
EUVD-2022-47933
Malicious code in bioql PyPI...
EUVD-2025-10010
Malicious code in bioql PyPI...
Malicious code in mahmoudtest (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72d145d1c87ce8ee88e57350f32db7041f4a990fa68d1cba09cf285ef03959a8 Any computer that has this package installed or running should be considered...
MAL-2025-46924 Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisorydbtoolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-46937 Malicious code in monolith-twirp-support-helphub (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a64bd75388afe20d55befa04ed845034b1a467cace9204788c98fd29240024 The OpenSSF Package Analysis project identified 'monolith-twirp-support-helphub' @ 1.48.0 rubygems as malicious. It is considered malicious...
MAL-2025-41432 Malicious code in rncalltestapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6fc98db0c619f19a0f211657b4cb50fafbe8c2126e93956f356f5077b62d285d The OpenSSF Package Analysis project identified 'rncalltestapp' @ 5.0.1 npm as malicious. It is considered malicious because: - The package...
CVE-2025-36174 IBM Integrated Analytics System file upload
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...