
158 matches found

ATTACKERKB
added 2026/05/27 6:30 p.m., 4 views

CVE-2026-42197

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

CVSS 8.7, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/05/26 8:6 a.m., 13 views

Malicious code in @godscene/web (npm)

Source: amazon-inspector e1bd83a63f0426cc7c4e1a68886c36ff47de093d9b7edc6b410d16c928be50c1 Package @godscene/[email protected] is a re-bundled copy of the legitimate @midscene/web at the same version, preserving the original description, README,...

AI score 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/19 3:44 p.m., 6 views

Malicious code in @piewasm/pie-web-npm-package (npm)

Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

AI score 5.8
Exploits: 0

OSV
added 2026/05/19 3:44 p.m., 4 views

MAL-2026-4172 Malicious code in @piewasm/pie-web-npm-package (npm)

Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/05/13 8:36 p.m., 5 views

Malicious code in ethers-web (npm)

Source: ossf-package-analysis 7b57e9cfd1db5527382181f22fbf36f8bbc8cc0df4f701d2b4d6bc7ec7dbc407 The OpenSSF Package Analysis project identified 'ethers-web' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/05/13 2:46 a.m., 8 views

Malicious code in @design-system-coopeuch/web (npm)

Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

AI score 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/04/24 8:6 p.m., 5 views

Malicious code in @alfa.life.mapp/app.web (npm)

Source: amazon-inspector d31f4eb43fd465a585f96a6ae24d86885dcb21e0645e446d9831edce30250a9e The package @alfa.life.mapp/app.web was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1

OSV
added 2026/04/24 12:51 p.m., 3 views

ROOT-APP-MAVEN-CVE-2024-22243 CVE-2024-22243 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2024-22243 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

CVSS 8.1, AI score 6.2, EPSS 0.60124
Exploits: 1

OSSF Malicious Packages
added 2026/04/20 3:51 p.m., 3 views

Malicious code in bmg-web (npm)

Source: amazon-inspector 26777925b4f8e199b125a969ad8c6f4e0ff672b87613b22ce2b67fe461ba218e The package bmg-web was found to contain malicious code. Source: ossf-package-analysis 27618387221affefb03509d50b0545c22b6d18574bc71aa6f218350ca5f152...

AI score 5.7
Exploits: 0

OSSF Malicious Packages
added 2026/04/16 9:33 a.m., 3 views

Malicious code in @evoja-web/create-react-project (npm)

Source: amazon-inspector edb63f2bfa081652aba97d2848d34ffdb1f97f0b744457c6811337282b4359a2 The package @evoja-web/create-react-project was found to contain malicious code...

AI score 5.7
Exploits: 0

NVD
added 2026/02/03 1:15 p.m., 2 views

CVE-2025-7760

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

CVSS 7.6, EPSS 0.00021
Exploits: 0, References: 1

Cvelist
added 2026/02/03 12:33 p.m., 25 views

CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

CVSS 7.6, EPSS 0.00021
Exploits: 0, References: 1

Vulnrichment
added 2026/02/03 12:33 p.m., 3 views

CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

CVSS 7.6, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/03 12:33 p.m., 2 views

CVE-2025-7760

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

CVSS 7.6, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/02/03 12:33 p.m., 3 views

EUVD-2025-206770

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

CVSS 7.6, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 1

CVE
added 2026/02/03 12:33 p.m., 8 views

CVE-2025-7760

CVE-2025-7760 affects Ofisimo Web-Based Software Technologies Association Web Package Flora (versions 3.0 through 03022026). The issue stems from improper input handling during web page generation, enabling cross-site scripting via HTTP headers. Red Hat and other sources corroborate the same desc...

CVSS 7.6, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 1

Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-6000

Name of the Vulnerable Software and Affected Versions: Ofisimo Web-Based Software Technologies Association Web Package Flora versions 3.0 through 03022026. Description: The software contains a flaw related to improper input handling during web page generation, potentially leading to Cross-site...

CVSS 7.6, AI score 5.4, EPSS 0.00021
Exploits: 0, References: 3

Snyk
added 2025/12/16 6:44 p.m., 3 views

Open Redirect

Overview: Volo.Abp.Account.Web is a part of the ABP Framework. Affected versions of this package are vulnerable to Open Redirect due to improper validation of the returnUrl parameter in the register function. An attacker can redirect users to arbitrary external domains by supplying a crafted URL...

CVSS 6.9, AI score 6.8, EPSS 0.00062
Exploits: 0, References: 2

OSV
added 2025/11/10 4:31 p.m., 1 view

MAL-2025-55023 Malicious code in @rce-web/ui-upgrade-dialog (npm)

Source: amazon-inspector 57e62e8b0f953b91fb74e52a2d70374df46b221c1d7cc57bcc80e0671cf32796 The package @rce-web/ui-upgrade-dialog was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/11/10 4:5 a.m., 4 views

Malicious code in adyen-web-v5 (npm)

Source: amazon-inspector 25b6c05640ee26217a85a428224b5a1a72790f5efec2d036828cb3cda0afa5ab The package adyen-web-v5 was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded npm...

AI score 6.8
Exploits: 0, References: 1