16 matches found
Malicious code in @sasmeee/gamble (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c87f47f35d7c73fd035a897353adf49aa127f906c05e5bb8ffa791b9465d8f71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4607 Malicious code in @chatbot-builder/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ace9cff4af8d9323da0b8644083e75867baace24814284462f536c574065052 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-2970
...
GHSA-W6XV-37JV-7CJR vulnerabilities
Vulnerabilities for packages: libarchive...
GHSA-M52W-J3PC-G32G vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-PGGR-CGRF-HXVH vulnerabilities
Vulnerabilities for packages: mysql...
CVE-2025-21510
CVE-2025-21510 affects Oracle JD Edwards EnterpriseOne Tools (Web Runtime SEC) prior to 9.2.9.0. An unauthenticated, network-accessible (HTTP) attacker can compromise data or gain full access to Tools. Fixed in 9.2.9.x line; NCSC notes 9.2.9.2; Oracle CPU Jan 2025 advisory references patches. Exp...
GHSA-P54P-P3QM-8VGJ vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2024-52803
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...
CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...
CVE-2024-52803
CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...
MAL-2022-5294 Malicious code in perf-storage-blob-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 567e0f79387c321ef5292bc42ca46151d74d37f8f9a468ccbb20d3a267dceca1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-23425
CVE-2024-23425 entry is rejected/not used and does not represent an active vulnerability.
CVE-2022-32682
...
CVE-2020-26351
...
CVE-2025-8130
This CVE entry is rejected/not used and does not represent an active vulnerability.