22 matches found
Malicious code in lwc-components-lightning (npm)
The package lwc-components-lightning was found to contain malicious code...
Malicious code in eslint-plugin-lwc (npm)
The package eslint-plugin-lwc was found to contain malicious code...
MAL-2025-19857 Malicious code in eslint-plugin-lwc (npm)
The package eslint-plugin-lwc was found to contain malicious code...
Malicious code in lwc-recipes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92235263cd97e4d59a59394c77aeabcc20e347bda974b68b18072cf74295f12c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2605 Malicious code in lwc-recipes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92235263cd97e4d59a59394c77aeabcc20e347bda974b68b18072cf74295f12c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lwc-monorepo (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2643 Malicious code in lwc-monorepo (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-75 Malicious code in lwc-jest-serializer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c88fb0df21e3f633176d1aa6411b5fa4bb5175518fe00ea39ededf35bf8823de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lwc-jest-serializer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c88fb0df21e3f633176d1aa6411b5fa4bb5175518fe00ea39ededf35bf8823de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @sfdc-www/hgf-lwc-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in lwc-playground (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98e335481687ce6c9f293923692ec4f19da6a49f4d5fe8c014625761fe5a23cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4430 Malicious code in lwc-playground (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98e335481687ce6c9f293923692ec4f19da6a49f4d5fe8c014625761fe5a23cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview lwc-playground is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious code in lwc-modules-foo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4429 Malicious code in lwc-modules-foo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jest-utils-lwc-internals (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c648c3492e79706f76e42a3e0ee3bf0d79e36fc2996157477622d919419e8f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4016 Malicious code in jest-utils-lwc-internals (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c648c3492e79706f76e42a3e0ee3bf0d79e36fc2996157477622d919419e8f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lwc-modules-bar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24f9cd6a5a72506e73b8e308c027eaa27aa5e3828f3a8d5674d1d012382e714f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
CVE-2006-1252
CVE-2006-1252 affects Light Weight Calendar (LWC) 1.0, where an eval injection in cal.php allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. This is a remote code execution vulnerability with CVSSv2 base score 7.5 (HIGH) and network attack vector with no au...