sherlock 操作系统命令注入漏洞

Sherlock is an open-source username search tool developed by Sherlock. Versions of Sherlock prior to 0.16.1 contained a vulnerability related to operating system command injection. This vulnerability originated from the pullrequesttarget trigger in the GitHub Actions workflow...

Malicious code in @faq-component/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc9231d4632473ef4031ec55df06f361942089d230a511407a1cbdce5716ed7f The package @faq-component/core was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191098 Malicious code in frontity-starter-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13b1b354fa335b058cf3b6af9fd24bc83609696da8937e6d103a4bdf3196ec2f The package frontity-starter-theme was found to contain malicious code. Source: ghsa-malware...

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads, but no specific exploit or vulnerability is identified. However, the presence of a GitHub Action workflow file .github/FUNDING.yml suggests that the repository may be used for generating or...