85886 matches found
CVE-2021-34619
creationtimestamp| type| source ---|---|--- 2026-06-19 12:48:06+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/560975b7-612c-4b84-9b6a-36796c7450d9 2026-06-23 14:04:03+00:00| exploited|...
Malicious code in fastercoding (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c302e448868fcff3110a45d20b53d9d887cfb5aa31bb66df90702f2767246b4 The package exposes a single public function run re-exported from init.py which, on Windows, downloads BackgroundSyncService.exe from...
MAL-2026-6208 Malicious code in fastercoding (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c302e448868fcff3110a45d20b53d9d887cfb5aa31bb66df90702f2767246b4 The package exposes a single public function run re-exported from init.py which, on Windows, downloads BackgroundSyncService.exe from...
Malicious code in fastercode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14de4534d4cf2290f5f54bc5929fa799b73dff2e6a03aa879ade141dfc6ea054 The package advertises itself as a Python performance helper "Make your Python code run faster" and exposes a single public function run. On Windows,...
MAL-2026-6206 Malicious code in fastercode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14de4534d4cf2290f5f54bc5929fa799b73dff2e6a03aa879ade141dfc6ea054 The package advertises itself as a Python performance helper "Make your Python code run faster" and exposes a single public function run. On Windows,...
MAL-2026-6192 Malicious code in nodepathbalance54 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...
Malicious code in nodepathbalance54 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...
Malicious code in dotenv-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1 On Windows, src/envsync/init.py lines 39-44 unconditionally calls ctypes.CDLL on a bundled 2.9MB PE file parser.pyd at top-level import, wrapped in...
Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-6083 Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
Malicious code in telegram-lite-grabber (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad489fe689e441f3237d052bb24702e3178fca26564e662b060c0a8d01fe5f9 Package is named 'telegram-lite-grabber', a name strongly suggestive of a tool intended to harvest Telegram credentials or session data. No concrete...
MAL-2026-6051 Malicious code in telegram-lite-grabber (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad489fe689e441f3237d052bb24702e3178fca26564e662b060c0a8d01fe5f9 Package is named 'telegram-lite-grabber', a name strongly suggestive of a tool intended to harvest Telegram credentials or session data. No concrete...
Malicious code in solana-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...
MAL-2026-5860 Malicious code in solana-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...
MAL-2026-5861 Malicious code in solana-mev-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname,...
Malicious code in solana-mev-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname,...
EUVD-2026-36972
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-40732 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-40732
CVE-2026-40732 affects the WordPress plugin Notification for Telegram (versions ≤ 3.5). The issue is an unauthenticated Cross Site Scripting (XSS) vulnerability, with the root cause not explicitly described in the provided documents. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIG...