6 matches found
MAL-2025-191155 Malicious code in wenk (npm)
Source: amazon-inspector 209b9df1ab21f1d5e193a2a9e68ece62122dc7979592c1f21599dd018aebfff7 The package wenk was found to contain malicious code. Source: ghsa-malware 440c248dbbb7a7c4fb5db4f70f71b5dd51ca4287f3d4e83c7caceeab7aee2dd8 Any...
CVE-2025-54887
CVE-2025-54887 affects the Ruby library jwe (Ruby implementation of RFC 7516) in versions 1.1.0 and earlier. The auth tag of encrypted JWEs can be brute-forced, enabling modification of JWEs to yield arbitrary plaintext and potentially revealing the GHASH key, which requires rotating keys after u...
GHSA-33QR-M49Q-RXFX Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
Impact: Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious...
MAL-2024-7324 Malicious code in @zitterorg/placeat-a (npm)
Source: ghsa-malware 97e140c5d10bf92587d1e454856c6c3366a04c59862e78ec07694ece8216b221 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1001 Malicious code in blockledger (npm)
Source: ghsa-malware 596f3b83cb6e085aeab000858462b7f8ceb37be525f283a685882a9180b6abbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-22986 · Netflix · Netflix Lemur
Name of the Vulnerable Software and Affected Versions: Netflix Lemur versions prior to 1.3.2 Description: The issue is related to Netflix Lemur using insufficiently random values when generating default credentials. This may allow an attacker to guess the credentials and gain access to resources...