Malicious code in @hongfangze/progress (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30ce725234e86c5968568e8c66969c293462123d379f788087b8a0a5d8ebed31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-FCFQ-M8P6-GW56

creationtimestamp| type| source ---|---|--- 2025-03-31 17:31:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9716...

GHSA-2PVV-PH3X-2F9H

creationtimestamp| type| source ---|---|--- 2025-03-31 17:30:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9708...

GHSA-V63M-X9R9-8GQP

creationtimestamp| type| source ---|---|--- 2025-03-21 17:19:21+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8382...

GHSA-WMFP-MJF3-57F5

creationtimestamp| type| source ---|---|--- 2025-03-13 19:42:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7485...

GHSA-Q9JP-XV4G-328F

creationtimestamp| type| source ---|---|--- 2025-03-10 21:39:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7070...

GHSA-VWJX-MMWM-PWRF

creationtimestamp| type| source ---|---|--- 2025-03-06 22:33:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6775...

GHSA-MF24-CHXH-HMVJ

creationtimestamp| type| source ---|---|--- 2025-03-06 21:34:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6767...

GHSA-C724-3XG7-G3HF

creationtimestamp| type| source ---|---|--- 2025-03-05 21:35:05+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6625...

GHSA-WQ2P-5PC6-WPGF

creationtimestamp| type| source ---|---|--- 2025-02-27 17:25:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5724...

GHSA-3GQJ-66QM-25JQ

creationtimestamp| type| source ---|---|--- 2025-02-25 19:23:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5362...

GHSA-G5FM-JQ4J-C2C7

creationtimestamp| type| source ---|---|--- 2025-02-25 15:23:16+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5297...

GHSA-P44G-M5W8-GWHM

creationtimestamp| type| source ---|---|--- 2025-02-17 00:19:06+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4611 2025-02-17 00:20:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4616 2025-02-17 00:21:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4621 2025-02-17 00:22:13+00:00...

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

GHSA-5RJC-JC28-CWGG

creationtimestamp| type| source ---|---|--- 2025-02-07 21:03:02+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3830...

CVE-2022-24752

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...

CVE-2022-24743

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue ...