Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42727

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splw update block options and lwp clean weather transients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29228

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.39 views

EUVD-2025-29241

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS
Exploits0References5
OSV
OSV
added 2025/09/15 11:58 p.m.3 views

GHSA-6JP5-HH4C-8C5H [email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/09/15 11:32 p.m.11 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:29 p.m.11 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/09/15 8:15 p.m.8 views

CVE-2025-59162

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS0.00378EPSS
Exploits0References5
NVD
NVD
added 2025/09/15 8:15 p.m.4 views

CVE-2025-59140

backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

8.8CVSS0.00378EPSS
Exploits0References5
CVE
CVE
added 2025/09/15 7:10 p.m.21 views

CVE-2025-59143

Summary (CVE-2025-59143) : The issue affects the npm package color ([email protected]). An account takeover via phishing allowed an attacker to publish a malicious patch that inserts a payload in the browser context to redirect cryptocurrency transactions to attacker-owned addresses (e.g., wallets like...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/15 7:10 p.m.2 views

CVE-2025-59143 [email protected] contains malware after npm account takeover

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
OSV
OSV
added 2025/09/15 7:9 p.m.5 views

CVE-2025-59141 [email protected] contains malware after npm account takeover

simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

8.8CVSS6.9AI score0.00378EPSS
Exploits0References7
OSV
OSV
added 2025/09/15 7:9 p.m.4 views

CVE-2025-59140 [email protected] contains malware after npm account takeover

backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

8.8CVSS7AI score0.00378EPSS
Exploits0References7
Rows per page
Query Builder