Malicious code in chai-as-refined (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...

Malicious Package

Overview chai-as-refined is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2641 Malicious code in chai-as-refined (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...

EUVD-2021-27038

Malware in sbrugna...

EUVD-2021-21023

Malware in sbrugna...

EUVD-2020-24001

Malware in sbrugna...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

CVE-2020-36524

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...

seattlerefined.com Cross Site Scripting vulnerability OBB-3906648

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base DIB sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach...

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

CVE-2020-36524

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2020-36524

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...

Cross site scripting

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2020-36524 Refined Toolkit UI-Image/UI-Button cross site scripting

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2020-36524

CVE-2020-36524 concerns Refined Toolkit (Confluence) with a cross-site scripting vulnerability in the UI-Image/UI-Button component. Connected sources confirm the issue can be triggered remotely and that the exploit has been disclosed publicly. CNNVD cites a specific version (Refined Toolkit for C...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

Code injection

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

CVE-2021-3769

The CVE-2021-3769 entry concerns ohmyzsh themes pygmalion, pygmalion-virtualenv, and refined, which print user-supplied strings with print -P to the terminal. The branch name can be crafted to trigger code execution, per the description. The issue was fixed in commit b3ba9978 (ohmyzsh/ohmyzsh). A...