Lucene search
K

82 matches found

Snyk
Snyk
added 2026/05/04 1:43 a.m.9 views

Malicious Package

Overview tinfoil-shops is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/04 1:43 a.m.5 views

MAL-2026-3284 Malicious code in tinfoil-shops (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 1:43 a.m.15 views

Malicious code in tinfoil-shops (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...

5.8AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/23 7:6 a.m.6 views

A week in security (March 16 – March 22)

Last week on Malwarebytes Labs: Could your face change what you pay? NYC wants limits on biometric tracking That "job brief" on Google Forms could infect your device A DarkSword hangs over unpatched iPhones Your tax forms sell for $20 on the dark web Researchers found font-rendering trick to hide...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/18 8:51 a.m.5 views

Inside a network of 20,000+ fake shops

We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/16 8:2 a.m.6 views

A week in security (February 9 – February 15)

Last week on Malwarebytes Labs: How to find and remove credential-stealing Chrome extensions Fake shops target Winter Olympics 2026 fans Outlook add-in goes rogue and steals 4,000 credentials and payment data Child exploitation, grooming, and social media addiction claims put Meta on trial Apple...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.4 views

CVE-2025-68890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.8 views

CVE-2025-68890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...

7.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 9:17 a.m.10 views

CVE-2025-68890

CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through

7.1CVSS6AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.34 views

CVE-2025-68890 WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...

7.1CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.3 views

CVE-2025-68890 WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...

7.1CVSS6AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1928

Name of the Vulnerable Software and Affected Versions hands01 e-shops e-shops-cart2 versions through 1.0.4 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a DOM-Based Cross-Site Scripting XSS condition. The issue allows for the...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.5 views

WordPress plugin e-shops 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/30 6:14 a.m.8 views

WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin e-shops versions = 1.0.4...

6.1CVSS6.1AI score0.00149EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4525

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01576EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-45583

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 p.m.9 views

CVE-2020-21809

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...

9.8CVSS8.1AI score0.01576EPSS
Exploits1
HackRead
HackRead
added 2025/05/02 10:1 a.m.20 views

200+ Fake Retail Sites Used in New Wave of Subscription Scams

Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:13 a.m.5 views

CVE-2024-51648

Cross-Site Request Forgery CSRF vulnerability in hands01 e-shops e-shops-cart2 allows Reflected XSS.This issue affects e-shops: from n/a through = 1.0.3...

7.1CVSS5.9AI score0.00206EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 9:1 a.m.3 views

Malicious code in zapier-shops-orders (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a081d17e6a916052da5d5af10b083f443f0713f3a687feb4186d21737b7c74b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder