64 matches found
Malicious code in @wame/ngx-frf-utilities (npm)
Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...
MAL-2026-2412 Malicious code in @wame/ngx-frf-utilities (npm)
Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...
Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
MAL-2026-2411 Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
MAL-2026-2409 Malicious code in @phonos/types (npm)
Multiple pieces of evidence indicate malicious behavior: obfuscation, suspicious install script, access to sensitive functionalities, and untrustworthy source. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c10ea271203f85e595559214b08565cef54710fcc605eca02483606041cf5...
MAL-2026-2416 Malicious code in oc-ccp-module-client (npm)
Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...
MAL-2026-2407 Malicious code in @ceeferenderer/itg-renderer-sdk (npm)
Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...
WordPress plugin PDF Invoice Builder for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...
WordPress plugin BugsPatrol security vulnerability
WordPress BugsPatrol plugin is a WordPress theme designed for pest control services, offering the ability to create professional pest control company websites that support the presentation of pest management services in business, home and other scenarios. WordPress BugsPatrol plugin suffers from ...
Microsoft SharePoint Server Remote Code Execution Vulnerability
SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...
openSUSE Tumbleweed security vulnerability
openSUSE Tumbleweed is a desktop and server operating system from openSUSE Germany. A security vulnerability exists in openSUSE Tumbleweed versions prior to 3.3.10-2.1, which stems from a logrotate configuration dependency on untrustworthy input that could lead to elevation of privilege...
WordPress Red Art Code Injection Vulnerability
WordPress Red Art is a theme designed for the art field, mainly used to create artist portfolios, galleries, photography exhibitions, tattoo studios and other art websites. WordPress Red Art suffers from a code injection vulnerability that stems from deserializing untrustworthy data, which can be...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2025-24453)
Microsoft SharePoint Server is a groupware for Windows Server made by Microsoft that provides basic portal and corporate intranet functionality. A remote code execution vulnerability exists in Microsoft SharePoint Server due to deserialization of untrustworthy data. An attacker could exploit this...
pycel security vulnerability
pycel is a library by Dirk Gorissen, an individual developer, for compiling Excel spreadsheets into Python code and visualizing them as graphs. A security vulnerability exists in pycel 1.0b30 and earlier versions, which stems from the possibility of executing arbitrary code when processing...
Google Chrome Input Validation Error Vulnerability (CNVD-2025-07516)
Google Chrome is a web browser from Google Inc. in the United States. Google Chrome suffers from an input validation error vulnerability that stems from insufficient validation of untrustworthy input in Extensions. An attacker can exploit this vulnerability to obtain sensitive information...
CVE-2024-31224
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gptacademic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the...
The vulnerability of the Dell ECS storage platform lies in the redirection of the URL to an unreliable website, allowing a hacker to redirect users to any given URL address.
The vulnerability of the Dell ECS storage platform relates to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a hacker to redirect users to arbitrary URL addresses...
CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server...
FBI warns online daters to avoid “free” online verification schemes that prove costly
The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information...
CVE-2024-31224 GPT Academic: Pickle deserializing cookies may pose RCE risk
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gptacademic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the...