MAL-2026-5807 Malicious code in sam-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...

PT-2026-39296

Name of the Vulnerable Software and Affected Versions grav-plugin-admin versions prior to 1.10.49.5 Description The application fails to properly validate and sanitize user input in the dataheadertitle parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting XSS...

Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...

EUVD-2018-6548

Malware in sbrugna...

EUVD-2020-27311

Malware in sbrugna...

EUVD-2019-13053

Malware in sbrugna...

EUVD-2019-11339

Malware in sbrugna...

EUVD-2018-0836

Malware in sbrugna...

EUVD-2020-4164

Malware in sbrugna...

EUVD-2018-14279

Malware in sbrugna...

EUVD-2024-0025

Malicious code in bioql PyPI...

EUVD-2022-1128

Malicious code in bioql PyPI...

EUVD-2025-7077

Malicious code in bioql PyPI...

EUVD-2022-44475

Malicious code in bioql PyPI...

EUVD-2025-18487

Malicious code in bioql PyPI...

EUVD-2025-6968

Malicious code in bioql PyPI...

EUVD-2025-6934

Malicious code in bioql PyPI...

EUVD-2024-0617

Malicious code in bioql PyPI...

EUVD-2024-53893

Malicious code in bioql PyPI...

CVE-2025-54593

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...