32 matches found
EUVD-2025-76068
Malicious code in pancake-notthedevs npm...
EUVD-2020-17584
Malware in sbrugna...
EUVD-2024-45112
Malicious code in bioql PyPI...
MAL-2025-8366 Malicious code in @lbnqduy2180500/silver-octo-pancake (npm)
The package @lbnqduy2180500/silver-octo-pancake was found to contain malicious code...
Malicious code in @lbnqduy2180500/silver-octo-pancake (npm)
The package @lbnqduy2180500/silver-octo-pancake was found to contain malicious code...
Malicious code in pancake_connect (npm)
The package pancakeconnect was found to contain malicious code...
Malicious code in pancake_uniswap_validators_utils_snipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 791d7ac8f5692ffcb4db92ed0986a9f6c422640fbbe19c1522dbbc0f813aaeb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-24876
Use of a hard-coded cryptographic key in Pancake versions 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation...
CVE-2024-50552
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jasonpancake Hover Video Preview hover-video-preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through = 1.0.2...
CVE-2024-50552
CVE-2024-50552: WordPress Hover Video Preview plugin versions 1.0.2 and earlier are affected by a Stored XSS due to improper neutralization of input during web page generation. The connected sources consistently describe this as a Stored XSS vulnerability in Hover Video Preview (CVE-2024-50552); ...
PT-2024-34331 · Unknown · Jason Pancake Hover Video Preview
Name of the Vulnerable Software and Affected Versions: Jason Pancake Hover Video Preview versions 1.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacke...
olneypancakerace.org Cross Site Scripting vulnerability OBB-3285260
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview pancake-cake-vault is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview gatsby-pancake-api is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview pancake-info-api is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview pancake-lottery-scheduler is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in pancake-info-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0443a608b4568e8dc8b0e39a3b58804dac2a63c570a30f7752c5ca6ba41ce8d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5202 Malicious code in pancake-info-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0443a608b4568e8dc8b0e39a3b58804dac2a63c570a30f7752c5ca6ba41ce8d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gatsby-pancake-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90ceffb30b37291bb6ed204298f0beeb2f64c2ea30997c21d3c63501f9c1f5e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5203 Malicious code in pancake-lottery-scheduler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f9afc5285dfcaaba15d9a85dce9d0f13865eb7b05f956012a289899817b0bb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...