5 matches found
MAL-2025-4727 Malicious code in ach-spa-facephi (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd75f718721082889a41c284f8f6a36bc2940f0041d4ff2257a7065e040b7d9c Any computer that has this package installed or running should be considered...
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another unsafe domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was...
MAL-2025-1565 Malicious code in tablegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3570d8e35e0d101811baef90ca7f5697fcb57be4cf3d82558480a54fb37d99d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-524 Malicious code in lyft-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c565f4f063903c396ce391a766b2f2e23376ee54056eed2f91fe4584c931069 The OpenSSF Package Analysis project identified 'lyft-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
CVE-2017-8458
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site...