Stored Cross-Site Scripting (XSS)

decap-cms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...

F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...

Malicious code in scr-database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3902b02c9664e32f82d280e45ac58ec3cd3bb57766bfbffdb7a11b845f20b9ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in andes-react-floater (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63aced74061cbadf118f22491f4edb9450b8ab612b289b34f3b0acefd7860d61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-60869

Publii CMS v0.46.5 (build 17089) is affected by a stored XSS in configuration fields (e.g., Site Description, Footer Follow Buttons). The issue arises from unsanitized input, allowing injected JavaScript to be stored in the project and executed in visitors’ browsers when viewing the generated sta...

MAL-2025-48269 Malicious code in vite-next-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 349c5908fb3c2430a77d9a6c96edebbbbda04c5d50a0826b4c0f7e8d002ba345 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vite-configs-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb19ecaeacbca9e361ca15d50c99cbfa3ad023b63d06465ae2ad9d9988ab5a63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48246 Malicious code in mad-1.2.9.2.2.8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9ee7df3c05d745488aab56d8e7e24dcc135b735d5f8b1f7a620b635e2d1514e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48212 Malicious code in redirect-s7usff (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware faeb7411d951b4e0d7d23cff65a289f7e1fcc74c20e8b09018d465d41d490cc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48156 Malicious code in redirect-evb9wa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a05aa75c99ca2c7961466334cdd97f977cbf0ea50225bf63a129619c9b53771a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48108 Malicious code in redirect-1hvx9g (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 811a6896f73fe5f0b353662e9cb94f319cce1d35d89c4babf11fb1431f3ea842 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48147 Malicious code in redirect-cuvccp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45100716d4ad002f1a6e8c6cde5c6f82e0b69ce9dcf848e37a123e187b8b263a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in redirect-zfwzmc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4cf8696d75e3f701c0ac6f79188258fdc6bed64f408e75f30f12f0978a5007c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in redirect-5cxzgs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c7824f510b00329610cd86418ba60edbb31cd9ee4fe7a69481bd817d5437e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48210 Malicious code in redirect-rmunkl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7c823e800eb5cb9b5cc10839b1971def19c6b3eff41ad1d7841688f733fbe55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @testcarrot/supply6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1879de03e36cf280adcff93d8fbfe8537bb68de7e372b70c0e6b80adbdfe21bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-41402

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.4R3 Juniper Networks Junos OS versions 22.2 before 22.2R3-S3 Description An Origin Validation Error exists in a file within Juniper Networks Junos OS on EX4600 Series and QFX5000 Series. An...

Malicious code in redirect-297vpk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9517560a65a1c1bbd91a87b0d971d3e19dfd28ae7a73c8e9dbdd842907d362e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48073 Malicious code in redirect-rc2ewa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35e1ffda65105f619c869543d8f7b50b73dff1fd865a8cbec013927540e90031 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in astra-db-recommendations-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f406ad9e38dd12903b516bd5bc543aee1c02d1e5641d513bf0a6d1ddb9ce7f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...