Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

WordPress AWCA – The Great Analytics Insights for Your eStore plugin <= 3.12.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced WC Analytics versions = 3.12.0...

CVE-2025-68032

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through = 3.19.0...

PT-2026-21078

Name of the Vulnerable Software and Affected Versions Passionate Brains Advanced WC Analytics versions through 3.19.0 Description An authorization issue exists in Passionate Brains Advanced WC Analytics, allowing exploitation due to incorrectly configured access control security levels...

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

MAL-2025-191217 Malicious code in @everreal/web-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c0514435a2fcfbbc44b6691737ce9fa17b0397b9cbd490173d9dca9fa18adc The package @everreal/web-analytics was found to contain malicious code. Source: ghsa-malware...

Malicious code in @everreal/web-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c0514435a2fcfbbc44b6691737ce9fa17b0397b9cbd490173d9dca9fa18adc The package @everreal/web-analytics was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199321

Malicious code in @everreal/web-analytics npm...

@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)

undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190937...

@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)

undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: SNYK:JS-UNDEFSAFETYPED-14103745...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2014-1287

Malware in sbrugna...

EUVD-2014-1533

Malware in sbrugna...

EUVD-2017-1838

Malware in sbrugna...

EUVD-2010-2681

Malware in sbrugna...

EUVD-2010-2680

Malware in sbrugna...

EUVD-2021-16932

Malware in sbrugna...

EUVD-2014-1532

Malware in sbrugna...

EUVD-2014-2332

Malware in sbrugna...

EUVD-2025-29208

Malicious code in bioql PyPI...