24 matches found
Rancher security vulnerability
Rancher is an open-source container management platform developed by Rancher in the United States. It is designed for organizations that deploy containers in production environments. Rancher has a security vulnerability caused by path traversal in the compressedEndpoint field within Extensions...
MAL-2025-48357 Malicious code in checkout-ui-extensions-react (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in checkout-ui-extensions-react (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-32166 Malicious code in retail-ui-extensions-react (npm)
The package retail-ui-extensions-react was found to contain malicious code...
Malicious code in ui-extensions-internal-test (npm)
The package ui-extensions-internal-test was found to contain malicious code...
Malicious code in retail-ui-extensions (npm)
The package retail-ui-extensions was found to contain malicious code...
MAL-2025-37593 Malicious code in ui-extensions-react (npm)
The package ui-extensions-react was found to contain malicious code...
CVE-2024-31997
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. Th...
MAL-2024-8887 Malicious code in ui-extensions-test-utils (npm)
Source: ghsa-malware 612535ed853f3bcea44a30e8568888db73a09aa577ffd88994bf21ea077c985a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ui-extensions-test-utils (npm)
Source: ghsa-malware 612535ed853f3bcea44a30e8568888db73a09aa577ffd88994bf21ea077c985a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-31997
CVE-2024-31997 affects XWiki Platform: UI extension parameters are interpreted as Velocity code and executed with programming rights, enabling remote code execution. Affected are versions prior to 4.10.19, 15.5.4, and 15.10-rc-1. Remediations provided in sources patch the vulnerability in XWiki 1...
GHSA-C2GG-4GQ4-JV5J XWiki Platform remote code execution from account through UIExtension parameters
Impact: Parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and...
PT-2024-24347 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 4.10.19; XWiki Platform versions prior to 15.5.4; XWiki Platform versions prior to 15.10-rc-1. Description: XWiki Platform is a generic wiki platform where parameters of UI extensions are always interpreted as...
CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 excluding 23.2 SR2 and newer allows elevation of privilege via UI extension applications...
Malicious Package
Overview: ui-extensions-dev-console-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in ui-extensions (npm)
Source: ghsa-malware 0b54e471f8d727b90e8a922a9f94f923bf020623f671ddb02def79899b0fdcc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6752 Malicious code in ui-extensions (npm)
Source: ghsa-malware 0b54e471f8d727b90e8a922a9f94f923bf020623f671ddb02def79899b0fdcc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-864 Malicious code in admin-ui-extensions-template (npm)
Source: ghsa-malware 2734426856f28472d04c035064bc06310af65937b72de37955bfa261c7dde5a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in admin-ui-extensions-template (npm)
Source: ghsa-malware 2734426856f28472d04c035064bc06310af65937b72de37955bfa261c7dde5a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ui-extensions-server-kit (npm)
Source: ghsa-malware c62c5c5dd9010448134993984fa17538a55c6ac68f350f4c9ba81c827f54645a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...