1519 matches found
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...
Malicious code in node-vfs-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...
MAL-2026-6143 Malicious code in node-vfs-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...
Malicious code in opt-archetype-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...
Malicious code in backoffice-charges-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...
MAL-2026-5929 Malicious code in backoffice-charges-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...
Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
Malicious code in intel-ai-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in vault-strategies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...
Malicious code in sys-info-cli-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...
Malicious code in @achuthvp/postinstall-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...
MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...
Malicious code in flexitest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection
This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...
Malicious code in backup-my-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de638457ace180ab303f4002aa27d9560f2caf6c8f28d04ba5521486d65d34b6 The package's collect.js loads childprocess, fs, os, http and https, gathers host identifiers via os.hostname and os.homedir, enumerates filesystem...
MAL-2026-5603 Malicious code in backup-my-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de638457ace180ab303f4002aa27d9560f2caf6c8f28d04ba5521486d65d34b6 The package's collect.js loads childprocess, fs, os, http and https, gathers host identifiers via os.hostname and os.homedir, enumerates filesystem...
MAL-2026-5612 Malicious code in gpt-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...
Malicious code in @koadz/sso (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...