MAL-2026-6308 Malicious code in @lazyutil/dater (npm)

@lazyutil/dater malicious versions 0.8.1, 0.9.2, 0.9.3, and 0.9.4, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all...

Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

MAL-2026-5395 Malicious code in @sql-trigger/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39e37d95fb040c83277583e2bf90b56363f86360337f1c30e63c85eb56579ada The package advertises itself as a simple SQL helper but its main entry index.js is heavily obfuscated obfuscator.io string-array + RC4 + base64,...

Malicious code in @sql-trigger/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39e37d95fb040c83277583e2bf90b56363f86360337f1c30e63c85eb56579ada The package advertises itself as a simple SQL helper but its main entry index.js is heavily obfuscated obfuscator.io string-array + RC4 + base64,...

Malicious code in vxui-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4af2c5e995ae069d3037f1310d055fac142dd6bb2ccd5ecb7e7f9a518e8022f0 On npm install, package.json's postinstall script runs curl -skL...

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

MAL-2026-3682 Malicious code in @chahuadev/junk-sweeper-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...

Malicious code in kube-health-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

Malicious code in pulsecord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 025d4e33a2037fb9ad36cb4b08b122e4439bb4932b73ac6c6f403609e7e1c09e This package is prepared for silent execution of a malicious executable, with disabling AV protection. While there is no link to the malicious binary inside, t...

Gradio 数据伪造问题漏洞

Gradio, an open source Python library open sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a Data Forgery Problem vulnerability that stems from the fact that if an attacker gains access to the remote URL where th...

Reprise License Manager 14.2 Remote Binary Execution

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...

Reprise License Manager 14.2 Remote Binary Execution Vulnerability

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Whe...

DWebPro 8.4.2 Remote Binary Execution / File Inclusion

Exploit Title: DWebPro 8.4.2 Remote Binary Execution Date: 01/10/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Author twitter: @tulpasecurity Vendor Homepage: http://www.dwebpro.com/ Software Link: http://www.dwebpro.com/download Version: 8.4....

Microsoft Internet Explorer 11 DLL Hijacking

Abstract -------- Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on Windows 7 SP1 Vendor Homepage: http://www.microsoft.com Severity: high Status: fixed CVE-ID: CVE-2016-0160 Description -----------...

ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-09-08-1 ------------------------------------------------------------------------- ASPR 2010-09-08-1: Remote Binary Planting in Apple Safari for Windows...

Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)

OVERVIEW The Moovida Media Player application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, Unsafe Library Loading, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT...

Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability

OVERVIEW The Notepad++ application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION Based on the powerful editing...

Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll)

OVERVIEW The Maxthon Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION Maxthon Browser is a...

QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)

OVERVIEW The QtWeb Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION QtWeb Browser is a...