MAL-2026-5533 Malicious code in @coze-common/chat-area (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89b49d08422192fa57b4739bf462f0e8b3c206b2c3cfad15578ac92dd6f47b04 This package is a dependency-confusion/namespace-squat against ByteDance's @coze-common scope. The library is hollow — index.js is module.exports = a...

Malicious code in shopify-app-bridge-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21c63417fe3a82fd514d0af7c913fb3c1cd62915839dc8910483fb6484bbbd9 The package's preinstall lifecycle script in package.json runs unconditionally on npm install and issues an HTTPS GET to...

PT-2026-44041

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 19.3 through 26.2.5.20 Erlang OTP versions 26.2.5.21 through 27.3.4.11 Erlang OTP versions 27.3.4.12 through 28.5.0.0 Erlang OTP versions 28.5.0.1 through 29.0.0 public key versions 1.4 through 1.15.1.6 public key versions...

EUVD-2026-17538

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

FLY is FUN Aviation Navigation 安全漏洞

FLY is FUN Aviation Navigation is a flight navigation and chart browsing application developed by the Czech company FLY is FUN. Version v35.33 of FLY is FUN Aviation Navigation contains a security vulnerability. This vulnerability stems from an issue with file import processes, where arbitrary...

CVE-2020-7644

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

yintibao Fun Print Mobile 安全漏洞

yintibao Fun Print Mobile is a mini-printer companion mobile application from China-based yintibao yintibao. A security vulnerability exists in yintibao Fun Print Mobile that stems from an exported Activity bypassing security controls, which could lead to Gmail inbox access...

EUVD-2025-117361

Malicious code in fun-coffee-butterfly npm...

Malicious code in fun_pony_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cf683a9c7bf985dc0b7cf4f80a823a3bf14c42100508427700a310b3e9f0fea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-98753

Malicious code in funponyz3n npm...

EUVD-2025-74625

Malicious code in funtroutbeige-70 npm...

Malicious code in fun-maroon-pike (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26af88761afc73e2ba0b04877773dc1a295394c637b216673c147f7880e3f104 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-54199

Malicious code in fun-amaranth-crow npm...

EUVD-2025-54198

Malicious code in fun-magenta-salamander npm...

EUVD-2025-54197

Malicious code in fun-maroon-pike npm...

EUVD-2025-54196

Malicious code in fun-orange-manatee npm...

EUVD-2025-54195

Malicious code in fun-rose-pinniped npm...

Malicious code in fun-rose-pinniped (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d4bbbc1283ccb9d5328664b4f856e6f1f31c08f7860db0b845572c05dbb5f5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-10313

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...

EUVD-2007-3196

Malware in sbrugna...