28098 matches found
Malicious code in express-router-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...
Malicious code in cursed-ecto-d3ab00 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49348969de68b56d680a46f67f817053621fa41a5220d8cd0bc1da720e77a5a1 The package has no legitimate functionality index.js is an empty module and exists solely to run an install-time attack payload. All four lifecycle...
Malicious code in tailwind-animate-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd43366b04ea80c2244079c09602623af157ce00cba9ae1837005b97ffe44bdb The package presents itself as a Tailwind CSS animation plugin and reproduces the legitimate tailwindcss-animate source including its original author...
CVE-2026-4275
creationtimestamp| type| source ---|---|--- 2026-07-09 14:57:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7vgdjneg26 2026-07-10 00:00:27+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqatqsu5rv2o...
CVE-2026-4256
creationtimestamp| type| source ---|---|--- 2026-07-09 14:52:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7v5f3nus2i...
CVE-2025-58151
CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...
CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2026-15170
creationtimestamp| type| source ---|---|--- 2026-07-09 14:35:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq7u64nhfe25...
CVE-2026-58303
creationtimestamp| type| source ---|---|--- 2026-07-09 12:47:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7o4uy5hk2t...
Malicious code in playwrightr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e165b925f82629524e611c81597c32a171df7cec246dc73f268d8192ccbe2c5 setup.py registers a CustomInstallCommand that runs automatically on pip install under Windows. It uses WinHTTP via ctypes to fetch a binary from...
ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses
A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...
CVE-2026-12590
creationtimestamp| type| source ---|---|--- 2026-07-09 10:29:15+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mq7gg7lj5s2d 2026-07-10 05:29:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbg5qdepx2e...
CVE-2026-14245
creationtimestamp| type| source ---|---|--- 2026-07-09 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889198686002131 2026-07-09 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7bhkabxp24 2026-07-09 22:30:57+00:00| seen|...
CVE-2026-14342
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-11869
creationtimestamp| type| source ---|---|--- 2026-07-09 08:01:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq766nzxj42g...
CVE-2026-11571
creationtimestamp| type| source ---|---|--- 2026-07-09 07:59:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq762jnkum25 2026-07-09 17:47:41+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6wauter26...
CVE-2026-14342 Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Parameter
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2026-42545
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-14245
The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...
CVE-2026-14342
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...