59 matches found
MAL-2026-4248 Malicious code in solna-web3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6076f4236301f997d420c7daba9b12c035fe2866fa9fa42f59be230b5e90350a Package name 'solna-web3' is a one-character typosquat of the popular '@solana/web3.js': it drops the 'a' from 'solana'. The package's only real...
Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
GHSA-56V8-86GJ-66JP Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
CVE-2026-40972
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
CVE-2026-40972
CVE-2026-40972 involves a timing attack on the DevTools remote secret comparison in Spring Boot. An attacker on the same network can measure timing differences when the remote secret is compared, enabling character-by-character deduction of the secret. In extreme cases this could allow upload...
EUVD-2026-25936
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
PT-2026-35540
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
Malicious code in @emilgroup/billing-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fdd5297b7532183f2b29871b23802ced24b046c92f2826618bc083dd243620 The package @emilgroup/billing-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1472 Malicious code in n8n-nodes-xml-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72bcfbf156c4f649a0f1bee9fe86ea767c5ff6edb02fca89a95569143d7ebf96 The package n8n-nodes-xml-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in syntax-class-constructor-call (npm)
The package 'syntax-class-constructor-call' is part of Wave 3 of the PhantomRaven supply chain attack campaign. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1115 Malicious code in chai-vest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b92343f543acb60949d618ec06160013b1536a63f3db5431a4e24b1eaac2ccae The package chai-vest was found to contain malicious code. Source: ghsa-malware 2d3a82ac6f8ebd7b7eba324f04e78d43fccef2f3ddf20c24014f4768dc50731d Any...
Malicious code in researchpoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ee8d68b9386bf55de2d3ed033493507ee88db166ae46345172ba93d938f3a27 The package researchpoc was found to contain malicious code. Source: ghsa-malware 912631f8dc76f3b4ddae075966fd902e7ab19c0799a0cd29b0c9ece7d79cd1ce An...
MAL-2026-73 Malicious code in chai-as-required (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d4e11cf62bfc3ebf38053f2a9100239db0bc6e3069a4cd202f4469c5095cacf The package chai-as-required was found to contain malicious code. Source: ghsa-malware 6fc3ec9f20ee6a20fa8c22b25629b78558ca88fca81f4b25f414ad2eb13dcb...
MAL-2025-192563 Malicious code in sd-pay-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7543455a42022174e965eac8f842494f5ad7eb1e0755dfd01035529d63d7a5ff The package sd-pay-ts was found to contain malicious code. Source: ghsa-malware c21a3fe3b0a1df838e4d8b768b5dcc2cf3831bea34c8527fd9e8493ab480bdd7 Any...
CVE-2025-13948
The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...
MAL-2025-49366 Malicious code in mojio-client-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fea28b1c502ade1afb436a22ffc2bd83e1c413dd85b274370f805ec0760be91 The package mojio-client-lite was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49361 Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...