40 matches found
CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...
MAL-2026-5244 Malicious code in discord-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1588cbceb5959b1a1b9e22d2b54d3d67e6bac9c8be4538df23f809772e4a9850 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
EUVD-2023-60559
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...
CVE-2025-42872
Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...
CVE-2025-42872
CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...
Malicious code in quickswap-ads-list (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a51e9188f2b9786cc34efba72bae1dbcf1b659db890a4b5d133a8b94ea60c13 The package quickswap-ads-list was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/secrets-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 527df6a20822831f2bc2435e1db61fcc192d163d6a81240078e8e93066dc1235 The package @voiceflow/secrets-provider was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191265 Malicious code in @oku-ui/presence (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccfe3cd227dfd52c2a7bb6d2c15fc511a5d1baab2eb3378960905005e421b9a The package @oku-ui/presence was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191236 Malicious code in @ifings/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a2d458b22985eaf37f768018a4359ed4e32182c1c21f0f204e440b8f37772f The package @ifings/design-system was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191224 Malicious code in @fishingbooker/react-swiper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f57ab28c32fa764c92d001b6c970f064bf1c5544959b2c677d8ce8f26d3bd5 The package @fishingbooker/react-swiper was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...