MAL-2025-105013 Malicious code in lara-wallet-store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd0becca1ce15b4ce8f2e4a5472e14dc67bbaaab50f29d51ff2b8c364388a410 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81420

Malicious code in lara-soluble-pot npm...

Malicious code in lara-soluble-pot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f158dc2f26dc6bbc11776d099d26f5c3c8aea470f39b6e9ac9e9f4ecc2f1c3e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81419

Malicious code in lara-wallet-store npm...

Malicious code in lara-wallet-store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd0becca1ce15b4ce8f2e4a5472e14dc67bbaaab50f29d51ff2b8c364388a410 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2020-13411

Malware in sbrugna...

CVE-2025-53832

Lara Translate MCP Server is a Model Context Protocol MCP Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...

Arbitrary Command Injection

Overview @translated/lara-mcp is a Lara API official MCP server Affected versions of this package are vulnerable to Arbitrary Command Injection via the importTmx function in importtmx.ts. An attacker can execute arbitrary system commands by supplying crafted input to the tmxurl parameter, which i...

Translated Lara Translate MCP Server 命令注入漏洞

Translated Lara Translate MCP Server is a Translated open source application. A command injection vulnerability exists in Translated Lara Translate MCP Server version 0.0.11 and earlier, which stems from insufficient cleanup of input parameters and could lead to a command injection attack...

PT-2025-30308 · Unknown · @Translated/Lara-Mcp

Name of the Vulnerable Software and Affected Versions: @translated/lara-mcp versions 0.0.11 and below Description: A command injection vulnerability exists in the @translated/lara-mcp MCP Server due to the unsanitized use of input parameters within a call to child process.exec. Successful...

Drupal One Time Password module < 1.3.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module One Time Password versions 1.3.0...

Drupal One Time Password module < 1.3.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module One Time Password versions 1.3.0...

Drupal Advanced File Destination module * - Authenticated Multiple Vulnerabilities vulnerability

Authenticated Multiple Vulnerabilities vulnerability discovered by Conrad Lara cmlara in WordPress Module Advanced File Destination versions...

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

Drupal Two-factor Authentication (TFA) module < 1.10.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Two-factor Authentication TFA versions 1.10.0...

CVE-2024-47817

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications a...

CVE-2024-47817 Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications a...

CVE-2024-47817 Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications a...

CVE-2024-47817

The CVE-2024-47817 entry describes an XSS vulnerability in Lara-zeus Dynamic Dashboard and Artemis due to unvalidated values passed to a paragraph widget. Affected versions include Dynamic Dashboard v3.0.0 through v3.0.2; Artemis theme/dash components are also implicated. Root cause: improper val...

CVE-2024-47817 Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications a...