25 matches found
MAL-2026-4950 Malicious code in @cloudplatform-single-spa/mlspace-access-request (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4468 Malicious code in @wengine-ai/claude-code-router-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...
CVE-2023-42508 JFrog Artifactory Improper header input validation leads to email manipulation sent from the platform
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body...
Unfixed XSS vulnerability at www.84cafe.com
Security researcher kusomiso.com, has submitted on 07/10/2007 a cross-site-scripting XSS vulnerability affecting www.84cafe.com, which at the time of submission ranked 6769797 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/10/2007. It is...
Unfixed XSS vulnerability at www.erenet.us
Security researcher St@rExT, has submitted on 15/03/2007 a cross-site-scripting XSS vulnerability affecting www.erenet.us, which at the time of submission ranked 325519 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/03/2007. It is currently...