EUVD-2023-58169
Malicious code in bioql PyPI...
EUVD-2023-1437
Malicious code in bioql PyPI...
EUVD-2025-6566
Malicious code in bioql PyPI...
Malicious code in wide-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f73134e4d528333c8306a8966d02b2302f48a8375f08bfb7529fbc30bbf2b196 Any computer that has this package installed or running should be considered...
MAL-2025-47865 Malicious code in wide-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f73134e4d528333c8306a8966d02b2302f48a8375f08bfb7529fbc30bbf2b196 Any computer that has this package installed or running should be considered...
CVE-2025-26278
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
PT-2025-39378
Name of the Vulnerable Software and Affected Versions: dref version 0.1.2. Description: A prototype pollution issue exists in the lib.set function. This allows attackers to potentially cause a Denial of Service (DoS) by providing a specially crafted payload. The issue involves manipulating the prototy...
CVE-2025-26278
CVE-2025-26278 describes a prototype pollution in dref v0.1.2 via the lib.set function, allowing an attacker to cause a Denial of Service. Affected component: dref (JavaScript library). Root cause: unsafe/object recursive merge or path-based pollution enabling properties to be injected into Objec...
Malicious code in paypal-postman-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-47594 Malicious code in paypal-postman-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
CVE-2025-55904
Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service...
Malicious code in @gc-crm/gc-crm-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf39ace819686baffe9455922e74af791567817ba9cce482693ba58166e35ed8 Any computer that has this package installed or running should be considered...
MAL-2025-47386 Malicious code in @gc-crm/gc-crm-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf39ace819686baffe9455922e74af791567817ba9cce482693ba58166e35ed8 Any computer that has this package installed or running should be considered...
MAL-2025-47108 Malicious code in vusd-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d7ab0e73da32b556aaa23c99dbb37d948aad1d628eb6286ac8069e1df5bf79e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vusd-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d7ab0e73da32b556aaa23c99dbb37d948aad1d628eb6286ac8069e1df5bf79e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2016-20015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for t...
CodeceptJS's incomprehensive sanitation can lead to Command Injection
CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...
armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +157 more potentially affected by unknown CVE via crypto-hash (=0.3.4)
crypto-hash CARGO version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on crypto-hash and may be impacted: - armorycli =0.3.3, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.10.0, =0.23.0, =0.1.0, =0.5.0, =0.3.10, =0.1.0, =0.2.2, =0.6.3 and more Source cve...
MAL-2025-43329 Malicious code in @zalastax/nolb-lion-lib-2 (npm)
The package @zalastax/nolb-lion-lib-2 was found to contain malicious code...