1513 matches found
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
Malicious code in intel-ai-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in vault-strategies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...
Malicious code in sys-info-cli-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...
Malicious code in @achuthvp/postinstall-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...
MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...
Malicious code in flexitest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection
This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...
Malicious code in backup-my-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de638457ace180ab303f4002aa27d9560f2caf6c8f28d04ba5521486d65d34b6 The package's collect.js loads childprocess, fs, os, http and https, gathers host identifiers via os.hostname and os.homedir, enumerates filesystem...
MAL-2026-5603 Malicious code in backup-my-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de638457ace180ab303f4002aa27d9560f2caf6c8f28d04ba5521486d65d34b6 The package's collect.js loads childprocess, fs, os, http and https, gathers host identifiers via os.hostname and os.homedir, enumerates filesystem...
MAL-2026-5612 Malicious code in gpt-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...
Malicious code in @koadz/sso (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...
MAL-2026-5562 Malicious code in @koadz/sso (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...
Malicious code in field-upload-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...
Malicious code in jailbreak-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...
MAL-2026-5543 Malicious code in jailbreak-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...
MAL-2026-5468 Malicious code in getd-pantallas-cliente (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...
Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...