1063 matches found
MAL-2026-2130 Malicious code in fancode-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...
FriendlyDealer mimics official app stores to push unvetted gambling apps
We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app. We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google...
web-app-security-project
🛡️ Web Application Security Project 📌 Overview This projec...
MAL-2026-1825 Malicious code in proleis-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...
Malicious code in proleis-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...
CVE-2026-3023
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...
PT-2026-25671
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
PT-2026-25673
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3935
CVE-2026-3935 affects Google Chrome/Chromium on multiple platforms due to an incorrect security UI in WebAppInstalls, enabling UI spoofing via a crafted HTML page. Affected versions before 146.0.7680.71 (Chrome/Chromium upstream) are susceptible; fixes are delivered in Chromium 146.0.7680.71 and ...
CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
PT-2026-24882
CVE-2026-3935 Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium secu… https://t.co/HGxaJ6tckB...
CVE-2026-30240
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...
CVE-2026-30240
Budibase PWA ZIP upload path traversal (CVE-2026-30240) affects Budibase 3.31.5 and earlier. Affected component: PWA ZIP processing endpoint at POST /api/pwa/process-zip. Root cause: unsanitized usage of path.join() with user-controlled input from icons.json inside the uploaded ZIP allowing an au...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.5 and earlier have a security vulnerability caused by a path traversal issue in the PWA ZIP processing...
CVE-2026-28405
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...
Malicious Package
Overview dc-web-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...