366 matches found
MAL-2025-41431 Malicious code in my-first-npm-package-1337 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 622f63f2210c8958193f9ce9c83001c67fc6cf798441e7235c0aa4c7f1efa82f The OpenSSF Package Analysis project identified 'my-first-npm-package-1337' @ 1.0.2 npm as malicious. It is considered malicious because: - The...
Malicious code in theme-rushstack-suite-nav (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 074f653dbf45333a4bcc8de28235ca35817a8f8c9e06e26b07010a325b039aa7 The OpenSSF Package Analysis project identified...
Malicious code in eslint-oldest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f80ac33a577e9ac06744364bddec668b736dd3e0f4a48d532c2dbdcb368e21b0 The OpenSSF Package Analysis project identified 'eslint-oldest' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in sdp-transform-writer (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a7fe67cbf547a37aaa2286e629788d404dbcc306a63bd6edbd4101513e27138 The OpenSSF Package Analysis project identified 'sdp-transform-writer...
Malicious code in @navancorp/ta-travel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 475cb3266e9f473c951bb35f87e31b76f08d312ee1916977eb7a125f339f7b7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in google-webfonts-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482 The OpenSSF Package Analysis project identified...
Malicious code in newrelic-scheduler (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850 The OpenSSF Package Analysis project identified 'newrelic-scheduler' ...
Malicious code in formatjs-internal-intl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93108c8da3931417e2009ddb17d45ffd86062e129a805a7ff62f3361780fd2d6 The OpenSSF Package Analysis project identified 'formatjs-internal-intl' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2025-49534
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
MAL-2025-5249 Malicious code in nstmrt-stf-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0da052c315a64ad23ddcebd853a91fc2f81597d0cd587326b5f7554911cc9d73 The OpenSSF Package Analysis project identified 'nstmrt-stf-api' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...
Malicious code in raise-http-server (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec0703ba285b347d94b33a68fa9cf671e9118ede49585fc79f8716d46574e04a Any computer that has this package installed or running should be considered...
MAL-2025-4664 Malicious code in new-presentation-api (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 542a173ba956753bc3d1570cb407b09ae92c7d5690bfacf0aa1bc2aa01f94990 Any computer that has this package installed or running should be considered...
CVE-2023-20114
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability b...
Malicious code in ort-web-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...
Malicious code in gear-idea-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a66acd20e2061aa436f304d41c80567e858c74d563f53fcd774df5bce17c47b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in document-inference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0519099776ddb5cbd1778fa5f043a1cad34d94d5116ae895120aba38608e7eb0 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...
CVE-2025-44866
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
MAL-2025-2585 Malicious code in vulnerable-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39aee709a198819a063291a6ebb8c985b0335af324647cdc6492671701bfb294 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in n11-chatbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a368f528c1eb4b3da0f52628aed3b3e5ca54083842086c30a70a91d1110a3cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ESRI ArcGIS AllSource Untrusted Search Path Vulnerability
ESRI ArcGIS AllSource is an Intelligence Analyzer software developed by ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS AllSource, which can be exploited by an attacker to execute malicious commands...