4175 matches found

EUVD
added 2025/11/24 10:8 p.m., 5 views

EUVD-2025-199039

Malicious code in react-native-retriable-fetch npm...

6.6 AI score
Exploits 0, References 4
OSV
added 2025/11/24 10:8 p.m., 3 views

MAL-2025-191004 Malicious code in react-native-retriable-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a3d5e2b867c8c149b9f1a79751ad5cfa9699fe24ec38d49770f9f80a37b3aa The package react-native-retriable-fetch was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0, References 4
OSV
added 2025/11/24 9:23 p.m., 2 views

MAL-2025-191023 Malicious code in tenacious-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5 The package tenacious-fetch was found to contain malicious code. Source: ghsa-malware 0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf...

6.8 AI score
Exploits 0, References 4
EUVD
added 2025/11/24 9:23 p.m., 2 views

EUVD-2025-199020

Malicious code in tenacious-fetch npm...

6.6 AI score
Exploits 0, References 4
vulnersOsv
added 2025/11/24 9:23 p.m., 5 views

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191023...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/24 9:23 p.m., 5 views

Malicious code in tenacious-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5 The package tenacious-fetch was found to contain malicious code. Source: ghsa-malware 0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf...

6.9 AI score
Exploits 0, References 4
Snyk
added 2025/11/24 4:24 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3
Snyk
added 2025/11/24 4:24 p.m., 1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3
vulnersOsv
added 2025/11/24 4:24 p.m., 7 views

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: SNYK:JS-TENACIOUSFETCH-14103737...

5.8 AI score
Exploits 0
Snyk
added 2025/11/24 4:24 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3
RedhatCVE
added 2025/11/22 10:31 p.m., 7 views

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5 CVSS, 6.8 AI score, 0.0006 EPSS
Exploits 0, References 2
Cvelist
added 2025/11/21 9:56 p.m., 6 views

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5 CVSS, 0.0006 EPSS
Exploits 0, References 2
OSV
added 2025/11/21 9:56 p.m., 4 views

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5 CVSS, 6.7 AI score, 0.0006 EPSS
Exploits 0, References 4
NVD
added 2025/11/20 6:15 p.m., 2 views

CVE-2025-63889

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...

7.5 CVSS, 0.00044 EPSS
Exploits 0, References 2
OSV
added 2025/11/20 6:15 p.m., 1 views

CVE-2025-63889

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...

7.5 CVSS, 6.7 AI score
Exploits 0, References 2
Positive Technologies
added 2025/11/20 12:0 a.m., 3 views

PT-2025-47609

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...

6.8 AI score, 0.00044 EPSS
Exploits 0, References 3
NVD
added 2025/11/18 3:16 p.m., 2 views

CVE-2025-12545

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajaxpmwgetproductids function due to insufficient restrictions on which products can be...

5.3 CVSS, 0.00046 EPSS
Exploits 0, References 3
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin Local Syndication code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

6.4 CVSS, 7 AI score, 0.00034 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Mozilla Firefox ESR < 52.4

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom...

10 CVSS, 8.2 AI score, 0.12063 EPSS
Exploits 3, References 10
Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Mozilla Firefox < 56.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 56.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-21 advisory. - Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, Davi...

10 CVSS, 8.2 AI score, 0.12063 EPSS
Exploits 13, References 19