2002 matches found
Malicious code in @muaththir/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...
Malicious code in poly-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2023-45795 Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx
A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...
Vulnerabilities are managed in Oracle Enterprise Manager
Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...
MAL-2026-6019 Malicious code in @mastra/docker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/s3vectors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a80c7f7a2326cd8139c9d2f5441370092e3816b3f81fda0edbeaa15902ab816a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/auth-better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3f3ba577912ece34e70e0f5d94ee38bf681dc3f0d2a2125d0bbe95c98dbbe3a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ada3444d44067bbe5085e0892f7885b106c016c114676c2601b15bbb52ce4a4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/dynamodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2567710170942391d967675952bbdd9cd0f8d933cc39e4cf4460ca4c5b700097 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in vemos-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18f311fac95924bd42c92d1dc842a2678b07e1c54481983238a10f08a33bef1 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5670 Malicious code in pui-diagnostics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in experian-analytics-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b17ea66ee9c256e21971184546b027011520942070236a348fe0da478b5ac66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5374 Malicious code in @doaction/mapstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9692028d96015eee60ce05d38eac9bf0c6e51dd2153cea37cad4756e3b4b3de9 @doaction/[email protected] is published to the public npm registry under a sentinel-high version 99.99.99 with a pinned @doaction/shared: ^99.99.99...
Malicious code in @doaction/mapstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9692028d96015eee60ce05d38eac9bf0c6e51dd2153cea37cad4756e3b4b3de9 @doaction/[email protected] is published to the public npm registry under a sentinel-high version 99.99.99 with a pinned @doaction/shared: ^99.99.99...
Malicious code in @doaction/examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...
MAL-2026-5348 Malicious code in os-ulid-void (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 531ba01f5b5d2442cc8070ae6feec31976f9b67957fa3b0936c2cea7b6034b81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5187 Malicious code in supabase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...
CVE-2026-40546
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...