366 matches found

OSSF Malicious Packages
added 2025/02/21 2:31 p.m., 2 views

Malicious code in wdpr-test-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aa07fe623ed4f4dd2faf6053e7bdf936f13e8e3ee0dd7ffcc9af37cc778eef8c The OpenSSF Package Analysis project identified 'wdpr-test-package' @ 999.999.999 npm as malicious. It is considered malicious because: - The...

AI score: 7.2, Exploits: 0

OSSF Malicious Packages
added 2025/02/10 12:49 p.m., 2 views

Malicious code in cros_infotest_1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d49ce8fd236e1053b560be3f562809f285f0a971956a6466386bb6be5df13de7 The OpenSSF Package Analysis project identified 'cros_infotest_1' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

AI score: 7.2, Exploits: 0

OSSF Malicious Packages
added 2025/02/08 6:42 a.m., 2 views

Malicious code in com.unity.2d.common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75a37bfaf17aed750692186fe017783457f38ab50f15f7a49ddb94033cb27443 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7, Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/12/25 12:40 p.m., 2 views

Malicious code in @awan_7715/model-viewer-space-opera (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e555e285993ff5179f3dad8424c83097053d02d6b4a91a72319eaabb6f1e6282 The OpenSSF Package Analysis project identified '@awan_7715/model-viewer-space-opera' @ 1.1.1 npm as malicious. It is considered malicious becaus...

AI score: 7.1, Exploits: 0

Microsoft CVE
added 2024/12/19 8:0 a.m., 1 view

Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root

...

CVSS: 7.8, AI score: 7, EPSS: 0.00028, Exploits: 0

OSSF Malicious Packages
added 2024/12/16 7:55 p.m., 2 views

Malicious code in microsoft.applicationinsights.persistencechannel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c6d541610ea02e1c898560a24798cf5ccb4c38d66f367bc6f205cc4fe5377dc The OpenSSF Package Analysis project identified 'microsoft.applicationinsights.persistencechannel' @ 99.99.99 npm as malicious. It is considered...

AI score: 7.1, Exploits: 0

OSSF Malicious Packages
added 2024/12/11 9:42 p.m., 1 view

Malicious code in snap-kit-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 591274c196648c43d806cc38ac33a04319ff82c5c4c9b1028590552c1fe4a841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7, Exploits: 0, References: 1

CVE
added 2024/12/11 3:54 p.m., 48 views

CVE-2024-28141

CVE-2024-28141 describes a Cross-Site Request Forgery vulnerability in a web application used by Image Access Scan2Net. The issue allows an attacker to trick authenticated users into performing actions on the application (e.g., resetting an admin password or creating new users) when visiting a ma...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00102, Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/12/11 3:26 p.m., 2 views

Malicious code in @aoflmkt/app-call (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7ceabbeb0d20f6267c8883498e7c31aa52148eff458969a12d2397d930978d85 The OpenSSF Package Analysis project identified '@aoflmkt/app-call' @ 100.100.106 npm as malicious. It is considered malicious because: - The...

AI score: 7.1, Exploits: 0

OSV
added 2024/12/07 11:25 p.m., 6 views

MAL-2024-11234 Malicious code in adminconsole (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88480db379ccb5378aada30388162f00d8033acb86b62e8d2e490533646c4a4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7.2, Exploits: 0, References: 1

Github Security Blog
added 2024/12/06 12:31 a.m., 12 views

LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter...

CVSS: 5.4, AI score: 5.5, EPSS: 0.40822, Exploits: 1, References: 4, Affected Software: 1

OSSF Malicious Packages
added 2024/12/05 7:58 a.m., 2 views

Malicious code in finn-pulse-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8556cda5df574e7c339a9e910f83692fefe384dd8c3c1107fafd270c8057a170 The OpenSSF Package Analysis project identified 'finn-pulse-init' @ 1.0.7 npm as malicious. It is considered malicious because: - The package...

AI score: 7.1, Exploits: 0

RedHat Linux
added 2024/12/04 3:41 p.m., 4 views

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

CVSS: 5.4, AI score: 7.2, EPSS: 0.01099, Exploits: 0, References: 5

CVE
added 2024/11/28 2:11 a.m., 42 views

CVE-2024-38658

CVE-2024-38658 describes an out-of-bounds read in Fuji Electric V-Server and V-Server Lite (versions 4.0.19.0 and earlier). Opening a specially crafted file may disclose information and/or allow arbitrary code execution. Affected components include the remote monitoring software and its graphic e...

CVSS: 7.8, AI score: 7.1, EPSS: 0.0003, Exploits: 0, References: 2

OSSF Malicious Packages
added 2024/11/24 8:26 p.m., 2 views

Malicious code in eth-based-p2p-e2e-latency (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 596b12335f8cd6e12055b2a8df2f4afb1a74c9275d3f22a0e21bc003956092ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7, Exploits: 0, References: 1

OSV
added 2024/11/15 4:6 p.m., 3 views

MAL-2024-10740 Malicious code in spirvls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bba9fe6fc980865e5643c34c0726f1a0f4fddf0e445aa865036b6024d56026b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7.2, Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/11/11 11:15 a.m., 2 views

Malicious code in arkoselabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16b2091fae4c54db03b3115cf52717160432074803439f716332ff9c35482ba7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7, Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/11/08 8:41 a.m., 2 views

Malicious code in autolink-jira-issue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7, Exploits: 0, References: 1

Cvelist
added 2024/11/06 7:18 p.m., 24 views

CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

CVSS: 9.3, EPSS: 0.00662, Exploits: 0, References: 6

NVD
added 2024/11/04 11:15 p.m., 12 views

CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version =20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's...

CVSS: 6.1, EPSS: 0.00181, Exploits: 1, References: 2