356 matches found
MAL-2024-7049 Malicious code in @yu-life/yulife-bdd-framework (npm)
Source: ossf-package-analysis 8dfe091de922cc251578223955b74b56ade98fa67b719bcaa584d3403602f992 The OpenSSF Package Analysis project identified '@yu-life/yulife-bdd-framework' @ 0.0.72 npm as malicious. It is considered malicious because: -...
Malicious code in example-arc-server (npm)
Source: ossf-package-analysis 313fe2f7f49471a9351eff38bafe5bf3968444661867230198924b55a3e94909 The OpenSSF Package Analysis project identified 'example-arc-server' @ 100.0.2 npm as malicious. It is considered malicious because: - The packa...
Malicious code in business-kpi-manager (npm)
Source: ossf-package-analysis d40c2ea693da70760733dd3ec3fd7dd594c8c49c6e937ec9699b9ec831cc960e The OpenSSF Package Analysis project identified 'business-kpi-manager' @ 4.0.4 npm as malicious. It is considered malicious because: - The packa...
CVE-2024-2637 Insecure Loading of Code in B&R Products
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...
CVE-2023-46714
A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...
MAL-2024-1357 Malicious code in by-fetch (npm)
Source: ghsa-malware bbe17032deb287c69fb57c7e240590cb829a046c49e904b65d01686694636d5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in epc-primer-ui-tags (npm)
Source: ossf-package-analysis cfb923577e57629ff06e092f23f6da4b29067756b213c6e923154649d8f93aca The OpenSSF Package Analysis project identified 'epc-primer-ui-tags' @ 66.6.9 npm as malicious. It is considered malicious because: - The packag...
MAL-2024-1317 Malicious code in epc-primer-ui-tags (npm)
Source: ossf-package-analysis cfb923577e57629ff06e092f23f6da4b29067756b213c6e923154649d8f93aca The OpenSSF Package Analysis project identified 'epc-primer-ui-tags' @ 66.6.9 npm as malicious. It is considered malicious because: - The packag...
CVE-2024-25708
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
MAL-2024-1169 Malicious code in qlik-sense-dev (npm)
Source: ossf-package-analysis 65fd03500a82dc6ac997cdeb7275cc6c67cae34d382b293886407c96166bc357 The OpenSSF Package Analysis project identified 'qlik-sense-dev' @ 5.9.991 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1168 Malicious code in qlik-sense-poc (npm)
Source: ossf-package-analysis e3ca1728f46e0ecfd22305ab1dd8de7134e1d067e7c76f5d9e4871424fbf9148 The OpenSSF Package Analysis project identified 'qlik-sense-poc' @ 5.5.991 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1176 Malicious code in optus-sport-ctv (npm)
Source: ossf-package-analysis 7e77d4e5b4d39f3120c7742b9d7a7e79b69f2d5a5ed122b1f57add9d3564a752 The OpenSSF Package Analysis project identified 'optus-sport-ctv' @ 99.3.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in amcharts-accessibility-plugin (npm)
Source: ossf-package-analysis 3d8c46b66a30d5f77349bdbe5c55b3412346a1b9ee26009a3ee535cdcf1e1677 The OpenSSF Package Analysis project identified 'amcharts-accessibility-plugin' @ 99.3.0 npm as malicious. It is considered malicious because: -...
MAL-2024-1156 Malicious code in commandlib (npm)
Source: ghsa-malware 64d4a50bf3fdea05ae20a06941d278f50e75d47cacc332a89a31934b2cdef5c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1129 Malicious code in espn-react-oneid (npm)
Source: ossf-package-analysis 4692f32d575cbdbf797aea5aabd0d50c4015884bfac1ce7b40006443bd8759f6 The OpenSSF Package Analysis project identified 'espn-react-oneid' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1105 Malicious code in lyft-settings (PyPI)
Source: ossf-package-analysis 11c2890ec2321b818585ae36669c7c7b9b8b88d0b0b4c7b47679988a9908c569 The OpenSSF Package Analysis project identified 'lyft-settings' @ 5.9.1 pypi as malicious. It is considered malicious because: - The package...
CVE-2024-1723 SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
Malicious code in ycs (npm)
Source: ossf-package-analysis 8fcf222dfcf6f0f36588b0c11a3e0fd28bac1b86cccc3eac8afb5f9243afffb7 The OpenSSF Package Analysis project identified 'ycs' @ 3.9.9 npm as malicious. It is considered malicious because: - The package communicates...
Malicious code in testien1 (npm)
Source: ossf-package-analysis dfd0b0e3c7d3359aa58759eee0924f42ff5a20aedc9be9bfcffe246fd5de6eda The OpenSSF Package Analysis project identified 'testien1' @ 1.0.0 npm as malicious. It is considered malicious because: - The package executes...
Malicious code in crumpet (npm)
Source: ossf-package-analysis 42425457cf6a4b96a2353dfbbab52426f6a871b0db230861f31e6b68513b37da The OpenSSF Package Analysis project identified 'crumpet' @ 1.0.4 npm as malicious. It is considered malicious because: - The package communicat...