MAL-2026-4188 Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

Malicious code in mongos-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6580043c6aae1e9b2a53c9656a14b094f0e3b00ea7728457e4f2f2e46458358 The package mongos-api was found to contain malicious code. Source: ghsa-malware 7bf084b38089206dc3a1aea5fa3a424ca23992e8a695031b17b8a2bb85fd491d Any...

Malicious code in magento-coding-standard-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181566f148b6cac8ad613b2942849254b7a6968bbe5e16a9d009aaa8e4184b25 The package magento-coding-standard-eslint-plugin was found to contain malicious code. Source: ghsa-malware...

GhostFrame phishing kit fuels widespread attacks against millions

GhostFrame is a new phishing-as-a-service PhaaS kit, tracked since September 2025, that has already powered more than a million phishing attacks. Threat analysts spotted a series of phishing attacks featuring tools and techniques they hadn't seen before. A few months later, they had linked over a...

EUVD-2023-51320

Malicious code in bioql PyPI...

EUVD-2024-37071

Malicious code in bioql PyPI...

Pulse-Level Simulation of Crosstalk Attacks on Superconducting Quantum Hardware

Hardware crosstalk in multi-tenant superconducting quantum computers poses a severe security threat, allowing adversaries to induce targeted errors across tenant boundaries by injecting carefully engineered pulses. We present a simulation-based study of active crosstalk attacks at the pulse level...

MAL-2025-5864 Malicious code in symphony-cryptolib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8216b9fdde76a4f40936fd19fbe9a3a7d73dcf66ffdde04c6cf54ee965448b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-38753

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through = 5.6...

CVE-2023-47187

Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through = 5.4...

MAL-2025-2108 Malicious code in kitchensink-ui-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57dd46442eabdf4fcd3affcfd4b7ef777c2229b46845426429e6277a99fe8f9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in accept-a-payment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d066801593b468617494b166d230eba3bfc7df3e454f9125333718ef42f6953 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-38753

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through = 5.6...

CVE-2023-47187

Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through = 5.4...

CVE-2024-38753 WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through = 5.6...

CVE-2024-38753 WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through = 5.6...

CVE-2024-38753

CVE-2024-38753 is a CSRF vulnerability affecting the WordPress plugin Animated Rotating Words (Labib Ahmed) up to version 5.6. The available sources confirm CSRF exposure but do not provide exploit details or remediation specifics. CVSS v3.1 metrics show base score 4.3 (Impact: Integrity Low; Ava...

WordPress plugin Animated Rotating Words 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2025-1532 · Unknown · Labib Ahmed Animated Rotating Words

Name of the Vulnerable Software and Affected Versions: Labib Ahmed Animated Rotating Words versions through 5.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

WordPress plugin Animated Rotating Words 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...