Malicious code in @hover-design/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b03af3ac7b52b07f33bbcc22eb9afad4255a3c9c5f5ce300953bbedb4193751e The package @hover-design/core was found to contain malicious code. Source: ghsa-malware...

@hover-design/react (>=0.2.1-beta <=0.2.4-beta) potentially affected by unknown CVE via @hover-design/core (=0.0.1-beta)

@hover-design/core NPM version =0.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on @hover-design/core and may be impacted: - @hover-design/react =0.2.1-beta, =0.2.4-beta Source cves: unknown CVE Source advisory: OSV:MAL-2025-191226...

MAL-2025-191226 Malicious code in @hover-design/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b03af3ac7b52b07f33bbcc22eb9afad4255a3c9c5f5ce300953bbedb4193751e The package @hover-design/core was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190965 Malicious code in hover-design-prototype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db96c13324b014e92e639e93401c356c60bdd7d020bc22c5327900ccbab0220a The package hover-design-prototype was found to contain malicious code. Source: ghsa-malware...

Malicious code in hover-design-prototype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db96c13324b014e92e639e93401c356c60bdd7d020bc22c5327900ccbab0220a The package hover-design-prototype was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199078

Malicious code in hover-design-prototype npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

WordPress Image Hover Effects Ultimate plugin <= 9.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Image Hover Effects Ultimate versions = 9.10.5...

WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Upload vulnerability discovered by theviper17y in WordPress Plugin Image Hover Effects for Elementor versions = 1.0.2.3...

WordPress plugin多款产品 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name

Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...

EUVD-2025-34249

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...

EUVD-2021-12188

Malware in sbrugna...

EUVD-2021-11178

Malware in sbrugna...

EUVD-2025-19396

Malicious code in bioql PyPI...

EUVD-2025-4354

Malicious code in bioql PyPI...

EUVD-2025-10966

Malicious code in bioql PyPI...

EUVD-2023-27768

Malicious code in bioql PyPI...