MAL-2026-4418 Malicious code in @pluxee-connect/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...

Malicious code in financial-crimes-general-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

RUSTSEC-2023-0103 `postgress` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

CVE-2018-14473

CVE-2018-14473 affects OCS Inventory NG 2.4.1. The issue is an XXE (XML External Entity) due to improper XML parsing configuration, enabling an attacker to exfiltrate data or cause a Denial of Service via a crafted HTTP request. All connected documents corroborate the description; no specific pat...

Wordpress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability

Exploit for unknown platform in category web applications ====================================================================== Wordpress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability ======================================================================...