227236 matches found
sql-injection-detector
SQL Injection Detector
MAL-2026-6096 Malicious code in requests-middleware (npm)
Source: amazon-inspector cfd9564690d64c44a730b088f4295c75b36e9d2fb164e2c7aa9ec2367153ada6 The package masquerades as a typosquat of the legacy request/requests HTTP library, copying that project's README, dependencies, and source files...
Malicious code in requests-middleware (npm)
Source: amazon-inspector cfd9564690d64c44a730b088f4295c75b36e9d2fb164e2c7aa9ec2367153ada6 The package masquerades as a typosquat of the legacy request/requests HTTP library, copying that project's README, dependencies, and source files...
From package to postinstall payload: Inside the Mastra npm supply chain compromise
kali-pentest-trainer
WIFI PENTEST TRAINER Step-by-step guided pentesting GUI for Kali...
CVE-2026-45357
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
Crypto Clipper uses Tor and worm-like propagation for persistence and control
Microsoft Threat Intelligence and Microsoft Defender Experts identified a Windows-based cryptocurrency clipper that has affected users since February of 2026. Clipper malware relies on...
EUVD-2026-37827
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
CVE-2026-45357
CVE-2026-45357 — LiquidJS date filter (strftime) DoS via unbounded width padding. In LiquidJS
CVE-2026-45357 LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
DEBIAN-CVE-2026-9679
Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...
DEBIAN-CVE-2026-11525
Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...
Malicious code in dotenv-sync (PyPI)
Source: kam193 8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
MAL-2026-6082 Malicious code in dotenv-sync (PyPI)
Source: kam193 8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
Malicious code in disksweep (PyPI)
Source: kam193 3bc79bc0cdfcad5c0e383a83f621365a84be1090e44364974ee8ec2bf1a12942 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
MAL-2026-6081 Malicious code in disksweep (PyPI)
Source: kam193 3bc79bc0cdfcad5c0e383a83f621365a84be1090e44364974ee8ec2bf1a12942 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
Malicious code in syncagents (PyPI)
Source: kam193 ab19812d31784aada2fb7c8165db286c96871bd8645568766ffc22c070fd3bf2 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
MAL-2026-6083 Malicious code in syncagents (PyPI)
Source: kam193 ab19812d31784aada2fb7c8165db286c96871bd8645568766ffc22c070fd3bf2 During import, package loads embedded native extension module. This library hooks on loading, spawns a new system process and likely attempts to inject the...
CVE-2026-48821
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...
Malicious code in boardflow (PyPI)
Source: amazon-inspector 7a7f48df7609edb5bab9d9e572f093994d071165578a58032a69392d62b08b86 On pip install boardflow, setup.py spawns a background thread that fetches http://pooron.org/test.exe over plain HTTP into the OS temp directory and...