5 matches found
Malicious code in crossmint-wallets-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...
MAL-2026-5758 Malicious code in npm-sandbox-research-8b2f (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 916280d3906e0f04caa7f46135039e4a42b03a5c96091c1555ad2ab0e86b923b On install, package.json runs postinstall: node run.js, which loads beacon scripts beacon8.js, beaconlinux.js that import childprocess, os, and http,...
Malicious code in @monitoring-lib/error-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...
CVE-2025-44017
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT JSON Web Token...
NCH Axon PBX 跨站脚本漏洞
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's outbound dialing plan to properly filter incoming data for special characters, which can be...