86 matches found
CVE-2025-59694
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the insecurely configured appliance boot process. To exploit this, the attacker must modify the...
MAL-2025-191463 Malicious code in initial-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bdfbaf17e5ea42f67e6327f5dfe8766f8a5f8d83fb4b390fc8d780da5555187 The package initial-path was found to contain malicious code. Source: ghsa-malware 014c829694ccb06463ad706603727d070cbf38be1e103200b54c1235ccc82611 A...
Malicious code in victoria-wallet-type (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db5621bc10f18615bd2282fd957a36730167a4e9318f35873c35258f033b2aad The package victoria-wallet-type was found to contain malicious code. Source: ghsa-malware...
Malicious code in obj-to-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16c28013383e05a71d5da9d3d7c0d685a6355e42251a9527e769061e13ce54bb The package obj-to-css was found to contain malicious code. Source: ghsa-malware ada9fa1c509e4ac91c240ba95d3953b53291943071c42aa967d243bd17682078 Any...
MAL-2025-190507 Malicious code in integrator-2830 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 115be0b5028ffab5a29306a2d2d83f0f5f3dc669567f3e0615c37a1d3ebb6181 The package integrator-2830 was found to contain malicious code. Source: ghsa-malware a63fa08d4b3a438ab307f36f34faddc4f6d7f1fa928c42c3ae3318e3384748b...
CVE-2025-34501
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...
MAL-2025-48156 Malicious code in redirect-evb9wa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a05aa75c99ca2c7961466334cdd97f977cbf0ea50225bf63a129619c9b53771a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in redirect-zfwzmc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4cf8696d75e3f701c0ac6f79188258fdc6bed64f408e75f30f12f0978a5007c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48147 Malicious code in redirect-cuvccp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45100716d4ad002f1a6e8c6cde5c6f82e0b69ce9dcf848e37a123e187b8b263a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-41402
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.4R3 Juniper Networks Junos OS versions 22.2 before 22.2R3-S3 Description An Origin Validation Error exists in a file within Juniper Networks Junos OS on EX4600 Series and QFX5000 Series. An...
Malicious code in rechxaartas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5fc5d0a5a306249e1d1010a8dd5e2e8e90d41a0bda538921ad3e2cec981ab6bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sha256-validation-xyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d087a7f065c7d1c6612320e8fc3d19957b0768a27ea56d1c6849c32193941829 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide...
Malicious code in what_type_of_self_indulgent_sub-par_challenge_is_this (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3aab675be401e5fe6766b12bc5278c932ac0e97db81223ce0a5b14870dbb558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d3ceb026e94d925a50747700634d96a0e709e7c3882dac41638f6578a9e7228 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in firefox-screenshots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d3138a26b7ea5f91361ed825aad5e3dc068f6b6655b68dd357565767f5ed968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lmk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2038ad5438e131b27ac4909e8adaf2ed1ce6a0667a10b46ed02c33209e2708a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in your-published-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cffcefb87ba1dfcfc4089b98727de2186cb5179c69a0f7630c359ff62ba3546 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kidding (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac1b9b208a68f6eb5fba2340ef58f1e62f83363b647916f6e5ac29be571f07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ilovingcats (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bbf798857d246d05c268c052e1b394b82f9a62af9af62ff888c2ff03bb2d4f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...