Lucene search
K

11 matches found

OSV
OSV
added 2025/11/24 1:33 p.m.4 views

MAL-2025-190787 Malicious code in vite-plugin-httpfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in ariel-markdown-arcturus-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f906563d9aed4a7980a31a32bfc6ae14daf13ed46d446a279c6169602dc258e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in rollup-plugin-solis-nashira-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e063306d0ace405b4675d9737c8065008de10a8d47a009069e48b9c53f1b196f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.2 views

Malicious code in xerxes-public-eslint-plugin-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2d15fdd3e3f0c5477368f312b0532431a264e618e809ebbdf7474e454016b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in rollup-plugin-callisto-figures-cosmos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4e3ad75f95ef1ab6168c2fc7ffe683dfbcf10052f2ad2549c971e1a6e3d55b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-146497 Malicious code in prettier-plugin-markdown-uninstall-jupiter-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 016a965ba834659af21a9a6e5d253b93b8c12b8879febe52cc900dcf8c2a290a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in quito-request-karma-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c90bb0614863aef8fa9c825f50394f601085ce72fe96a6c0d37ac4d097153fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.4 views

Malicious code in cybernetics-callisto-commitizen-rollup-plugin (npm)

The package cybernetics-callisto-commitizen-rollup-plugin was found to contain malicious code...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/05/07 5:37 p.m.17 views

CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...

3.1CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/04 3:58 p.m.28 views

CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13...

9.1CVSS7.2AI score0.00631EPSS
Exploits1References1
Prion
Prion
added 2020/05/25 11:15 p.m.15 views

Information disclosure

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...

5.8CVSS6.3AI score0.0068EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder