117 matches found
Malicious code in @ing-caf/cdn-proxy-plugin (npm)
Source: ossf-package-analysis 24ccbe0b13f81d2fe8d285bab144167d33f7b4e167833ebf615411db6d318eb6 The OpenSSF Package Analysis project identified '@ing-caf/cdn-proxy-plugin' @ 200.0.2 npm as malicious. It is considered malicious because: - Th...
Malicious code in commitlint-config-ifood (npm)
Source: ossf-package-analysis 82ce80367972231229038d234d1114c39f459b1c4bfe4a03392a3cfa35d4454b The OpenSSF Package Analysis project identified 'commitlint-config-ifood' @ 1.95.102 npm as malicious. It is considered malicious because: - The...
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest...
Malicious code in wdpr-device-detection (npm)
Source: ossf-package-analysis 0e68ddd57d0cced6084c7770f4e48230e223d896f927b8952e4cf5d05caa721f The OpenSSF Package Analysis project identified 'wdpr-device-detection' @ 24.7.16 npm as malicious. It is considered malicious because: - The...
Malicious code in richcolor (PyPI)
Source: kam193 50d5904bd379a75fd43115d7339df3d79f87ec691026774160b15b8632a9f8ae Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...
Malicious code in bynderweb (npm)
Source: ossf-package-analysis 4c0e459e61d88421f9f8e8abec619108bcd6e0bb8b0e6f556a442ed551cb0fa1 The OpenSSF Package Analysis project identified 'bynderweb' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in oddsfire-components (npm)
Source: ghsa-malware d6560345fe7b94e452865d383a96b49b27e71c7113505ddfd5306218da9648d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ifl-primitives (npm)
Source: ghsa-malware 6cbddd298006615ef0975b9e718d03ba67c4cf761be2dc4048648ebd2866c0fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cohort_sdk_js-darwin-x64 (npm)
Source: ossf-package-analysis abc50fadc1925fd27cf2d8f5e59cfe3992cf481db078f520b50ded4fc10f43c4 The OpenSSF Package Analysis project identified 'cohort_sdk_js-darwin-x64' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
Malicious code in ppreact7 (npm)
Source: ossf-package-analysis e2ad9ded90a270baf25a460421789f5a815f2956ef05fcf3e1b96cf1b2f35eb2 The OpenSSF Package Analysis project identified 'ppreact7' @ 7.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in qrscrappers (npm)
Source: ossf-package-analysis b4db14e6db692ed154ddb9d82597d24bab338cabf83121f852118001db06b92a The OpenSSF Package Analysis project identified 'qrscrappers' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sys-selenium (PyPI)
Source: ossf-package-analysis a1ae15b4cab934fe2bdb8472ceb8f00edfd582688a810321e7e4814ca66cbe98 The OpenSSF Package Analysis project identified 'sys-selenium' @ 9.1.9 pypi as malicious. It is considered malicious because: - The package...
Malicious code in stripe-deep-deep (npm)
Source: ossf-package-analysis e7158c510e35fd6474a199140be8247cbefc73f5020d7a443927d22a7b555573 The OpenSSF Package Analysis project identified 'stripe-deep-deep' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in zsbpwebsdktest (npm)
Source: ossf-package-analysis 347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20 The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 npm as malicious. It is considered malicious because: - The packag...
MAL-2023-2928 Malicious code in esqguiload (PyPI)
Source: checkmarx 44fab0a0f41fa9697386ebec7773a48d73e65645e85b2ee8d0e566034447bfb3 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2017-17888
creationtimestamp | type | source
---|---|---
2021-08-26 07:07:09+00:00 | seen | MISP/abbf5767-dae4-4313-af05-b12573b4258b
2024-11-14 06:09:47+00:00 | seen | MISP/00b8bda7-2b7e-4df7-bd5d-c89d45e2dfdc
...
ExBB <= 0.22 (LFI/RFI) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. This is a public Exploit...