Malicious code in @cloudplatform-single-spa/ml-ai-agents-marketplace (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @car-loans/general-analytics (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4993 Malicious code in @cloudplatform-single-spa/timescale-db (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious Package

Overview jsx-dev-runtime is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

Malicious Package

Overview jam3 is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package uses...

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

CVE-2024-37084-Poc Setup ,Analysis , Demo exploit and poc abou...

Link Preload XSS bypass

Description Link preloads still do not effectively confirm if the requested link is external. This is a bypass to the fix for CVE-2022-4414. Root Cause The getPayloadURL function was adapted after the disclosure to use the browsers built in URL parser to properly check for a valid URL. This is a...

Exploit for CVE-2022-30190

Follina-CVE-2022-30190 Proof of Concept by Nee Usage ba...

Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Due to an incomplete fix of CVE-2020-16140 see https://wpscan.com/vulnerability/10444, the reflected XSS attack is still possible on unauthenticated users, by extracting the searchnonce from the source of the homepage and adding it to the original payload. This is possible because WP nonces are...

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

Exploit for CVE-2017-8570

Introduction By Temesgen Yibeltal [email protected] Bas...

Oracle Forms and Reports 11.1 - Remote Exploit

No description provided by source. !/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen [email protected] Credits to: @misssudo for initial disclosure...