10 matches found
MAL-2025-7172 Malicious code in @crabas0npm/amet-vel-nulla (npm)
The package @crabas0npm/amet-vel-nulla was found to contain malicious code...
MAL-2025-13495 Malicious code in @zalastax/nolb-quad (npm)
The package @zalastax/nolb-quad was found to contain malicious code...
MAL-2023-5590 Malicious code in py-reencode (PyPI)
Source: checkmarx (45bd9c02650a7241e7805a1fb4864673ecf7eacfe646408dcc1f2da120128ded). EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
CVE-2023-23617 OpenMage LTS has DoS vulnerability in MaliciousCode filter
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...
GHSA-3P73-MM7V-4F6M DoS vulnerability in MaliciousCode filter
Impact: Infinite loop in malicious code filter in certain conditions. Workarounds: None...
DoS vulnerability in MaliciousCode filter
Impact: Infinite loop in malicious code filter in certain conditions. Workarounds: None...
MAL-2022-1241 Malicious code in azure-arm-datafactory-samples (npm)
Source: ghsa-malware (89a470850ee7f3521c35471ba1572d1529aa99647c9d09e8bb060f4b354f0226). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-46117
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...
Open-Xchange: [XSS] Mail <style> v2.0
Hi. New way for 269116. Testing rev17. OX check data before remove / /, therefore a filter bypass: html .a font-family: ; font-family: ; font-family: ; For example: json "content": ".a font-family: ", Result: html ox-c3a5f76596 .ox-c3a5f76596-a font-family: Impact malicious code injection...
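Backdoor caused by developing apps with Xcode obtained from unofficial channels (XcodeGhost)
Capturing the HTTP request packets of the affected apps gave the result shown in the figure below. It can be seen that data was sent by POST to http://init.icloud-analysis.com, and that URL is exactly the one that was exposed as being used to maliciously collect user information. In addition, the XcodeGhost virus can forge pop-up dialogs on non-jailbroken iPhones to carry out phishing attacks. The dialogs it generates look very realistic and are hard to tell apart from genuine ones, so users who have previously entered their iTunes password should change it as soon as possible. Partial list of affected apps: WeChat iOS (微信) - 6.2.5, 12306 - 2.12, Didi Chuxing (滴滴出行) - 4.0.0.6, Didi Dache (滴滴打车) - 3.9.7, Amap (高德地图) - 7.3.8, Tonghuashun (同花顺) -...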