Malicious code in stablecoin-evm (npm)

This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

Malicious code in tec-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 125ddb22e15354e2319586116faa892343d4a86c8f79c9d6ed274d9acfb5f20d The OpenSSF Package Analysis project identified 'tec-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

PT-2024-40233 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authenticated user with page edit permission can craft HTML that, when rendered in a page history comparison, can execute client scripts. Recommendations: At the moment, there is no...

Malicious code in rich-relevance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5443947e62cbe3633e1bc05cb45ee61214822d2115a1f87f6cf25a4c141d226 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cst-web-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in roblox.lua (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e40a28a758bd57252f74153dd5b2a9b6358608bfa2ec08c301e3647a7721e35a The OpenSSF Package Analysis project identified 'roblox.lua' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in @assurantlabs/home-device-inventory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 npm as malicious. It is considered malicious...

Malicious code in @socialdeal/uikit-whitelabel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d53c0749d21786a6b7eeea319c37d26573f1ded671dc9cbed9e4508d9b65a2c0 The OpenSSF Package Analysis project identified '@socialdeal/uikit-whitelabel' @ 999.100.1 npm as malicious. It is considered malicious because:...

Malicious code in uidm-react-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 46d06a0532602d59ada5b5296d3344ff79c9be233ff036127aad80ba624e6e95 The OpenSSF Package Analysis project identified 'uidm-react-lib' @ 99.99.1 npm as malicious. It is considered malicious because: - The package...

PDF-XChange Editor 安全漏洞

PDF-XChange Editor is a PDF-XChange company running on Microsoft Windows systems in the PDF file viewer software. A remote code execution vulnerability exists in PDF-XChange Editor, which can be exploited by an attacker to execute arbitrary code...

Malicious code in epc-notification-setting-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e2f6eb6b2d571a457c452301694f5e1f6da8ff1254c78f6837eaef6af78134e The OpenSSF Package Analysis project identified 'epc-notification-setting-web' @ 66.6.9 npm as malicious. It is considered malicious because: -...

Malicious code in scundev-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6b38dd087840ac0c2e03a22124c4b5eead12b96f0cc99579a07a8164172c516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in not-exist-lykos-poc2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9fdf307a333300d88cdb5031c5f135a2fe51e2a01d4db763c2d1457111ce9fe4 The OpenSSF Package Analysis project identified 'not-exist-lykos-poc2' @ 66.6.9 npm as malicious. It is considered malicious because: - The...

Malicious code in ui-common-components-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0d823ab954cd19f85bb933d25f8230386023a6a1fd15430efce0298f6a25aa9 The OpenSSF Package Analysis project identified 'ui-common-components-angular' @ 1.3.1 npm as malicious. It is considered malicious because: - T...

Malicious code in cz-ifood-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 65b5439bd3051d2315be6f4ae90f3235c5e41c2d9afa4a3c8f6ff3271c31cb9a The OpenSSF Package Analysis project identified 'cz-ifood-conventional-changelog' @ 1.0.101 npm as malicious. It is considered malicious because...

CVE-2024-28878

CVE-2024-28878 affects IO-1020 Micro ELD (IOSiX) prior to version 360. The issue is that the device downloads code from an adjacent location and executes it without adequately verifying origin or integrity, enabling potential code execution with high impact (confidentiality, integrity, availabili...

Malicious code in f3ngtest12345677 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c45841bc7c5a73373ee4764c017a128bb5dd286d34d5d4a2bf649338aa1644a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lyft-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2fa096ec56c6910a67c11cdb8b7ebb3bede054bf1ea7eb926fff07e2265c00dc The OpenSSF Package Analysis project identified 'lyft-core' @ 999.3.9 pypi as malicious. It is considered malicious because: - The package...

Malicious code in qlik-sense-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 65fd03500a82dc6ac997cdeb7275cc6c67cae34d382b293886407c96166bc357 The OpenSSF Package Analysis project identified 'qlik-sense-dev' @ 5.9.991 npm as malicious. It is considered malicious because: - The package...

Backdoor.Win32.Agent.ju (PSYRAT) MVID-2024-0677 Bypass / Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ju PSYRAT Vulnerability: Authentication Bypass RCE Family: PSYRAT Typ...