93 matches found
Malicious Package
Overview lynx-keeper-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview lynx-keeper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious code in lynx-keeper-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cebbf0e6cc5a35eea6e6869d295d072526b6ff7d566c49bc80f15952138cf88 lynx-keeper-cli ships a heavily obfuscated payload in dist/index.js that runs at require time. After a CI-evasion gate that aborts when...
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Malicious Package
Overview keeper-secrets-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every...
WordPress Shabat Keeper plugin <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Shabat Keeper versions = 0.4.4...
CVE-2025-13701
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-13701 Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-13701 Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-13701
CVE-2025-13701 refers to Shabat Keeper, a WordPress plugin, with a Reflected Cross-Site Scripting vulnerability via the $_SERVER['PHP_SELF'] parameter. The vulnerability affects all versions up to and including 0.4.4 due to insufficient input sanitization and output escaping, enabling unauthentic...
CVE-2023-25793
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in George Pattihis Link Juice Keeper plugin = 2.0.2 versions...
PT-2026-1707
Name of the Vulnerable Software and Affected Versions Shabat Keeper versions up to and including 0.4.4 Description The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attacker...
WordPress plugin Shabat Keeper 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
MAL-2025-192861 Malicious code in session-keeper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6816e7c69a6752f4aeccba80eac83e7fd815e3388f21b4bfd007ccd6192dbc96 The package session-keeper was found to contain malicious code...
Malicious code in session-keeper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6816e7c69a6752f4aeccba80eac83e7fd815e3388f21b4bfd007ccd6192dbc96 The package session-keeper was found to contain malicious code...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in @asyncapi/keeper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04b1620523a3ce8e3a6d91cc4b532723797a0cc56a36e303774caf14ef1acffd The package @asyncapi/keeper was found to contain malicious code. Source: ghsa-malware b4de90c140688e48a7bd263f6ce83227887405e7322154faa001d6bdf787cd...
EUVD-2025-198878
Malicious code in @asyncapi/keeper npm...