EUVD-2023-0944

Malicious code in bioql PyPI...

EUVD-2023-36925

Malicious code in bioql PyPI...

EUVD-2024-50843

Malicious code in bioql PyPI...

EUVD-2024-0352

Malicious code in bioql PyPI...

EUVD-2023-40424

Malicious code in bioql PyPI...

EUVD-2023-1742

Malicious code in bioql PyPI...

EUVD-2021-30698

Malicious code in bioql PyPI...

EUVD-2025-25596

Malicious code in bioql PyPI...

EUVD-2024-36469

Malicious code in bioql PyPI...

EUVD-2024-1173

Malicious code in bioql PyPI...

EUVD-2024-0942

Malicious code in bioql PyPI...

EUVD-2024-1797

Malicious code in bioql PyPI...

EUVD-2023-0939

Malicious code in bioql PyPI...

EUVD-2025-23381

Malicious code in bioql PyPI...

EUVD-2023-3077

Malicious code in bioql PyPI...

EUVD-2025-6735

Malicious code in bioql PyPI...

EUVD-2023-27719

Malicious code in bioql PyPI...

CVE-2025-34197 Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...