MAL-2025-190502 Malicious code in application-phskck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6943455b71ad210483f41c6aad1617346d5cf05804711e7d3c08a94cd5d35084 The package application-phskck was found to contain malicious code. Source: ghsa-malware...

MAL-2025-48518 Malicious code in dist-decoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d6276f9115715018347a416b17686c81064ab130b386dacfdbe52f80bf1a2d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in scr-database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3902b02c9664e32f82d280e45ac58ec3cd3bb57766bfbffdb7a11b845f20b9ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vite-configs-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb19ecaeacbca9e361ca15d50c99cbfa3ad023b63d06465ae2ad9d9988ab5a63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in astra-db-recommendations-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f406ad9e38dd12903b516bd5bc543aee1c02d1e5641d513bf0a6d1ddb9ce7f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in consumerweb-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eb6a4d25e1e5232ce079c43523de3b71572bb90389aabf0dbebd38837fb89f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @sev-ui-verse/api (npm)

The package @sev-ui-verse/api was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 414d159764ceef8011dcd7e75ef5fbfb99ec42da34486271031460875812f54b Any computer that has this package installed or running should be considered fully...

Malicious code in @sev-ui-verse/snackbar (npm)

The package @sev-ui-verse/snackbar was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f92a070917a547edd5e73a9b1b800cdd1d7e726e1886a712901dc3830d831abe Any computer that has this package installed or running should be considered full...

Malicious code in dowload_ebok_grundkurs_kunstliche_intelligenz_by_wolfgang_ertel_r9sfy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94e9bffeeffbe35f94a97022a4515f12e36980b5cdb2152202cbe06899ed409a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @segmentation/gf2fov (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cca9c2565b19f690b835370484ad318ef144e452a6bd93f7fb9461803f3b5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in symphony-cryptolib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8216b9fdde76a4f40936fd19fbe9a3a7d73dcf66ffdde04c6cf54ee965448b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @sfdc-ogs/v1-stable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2cf5cb65e88f9911d818fe4538c2454d53d9f0bac558bc6bd8bb2f8f8146d2ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chii-aungpao-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7612d6bbbfb9dc1ad7c5edf5f536d13eaa4e20da2e1a895caeacfb8b0e75140 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in karakeep (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b96143e1a337213c5ae7cdcd914230744fcb082e0645188de5f5fa18b991916 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @loybung/inject (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2360caebc7c178c732c57b8da900d7e303a05b8a498693b6f6449abad8fbb19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pipreqs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in icloud-sod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528df6a9814a12abf16c70b3d096b10babfdae854b8a9952ab8ad5b69790a077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sw-cur (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b6e97eb66e9295d27e2c439734b0d7a8a4479ea22612dd7c5623827fcbb53eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-0676

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to...

tcpdump 操作系统命令注入漏洞

tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capture, among others. A security vulnerability exists in tcpdump, which stems from command injection and could lead to elevation of privilege and...