Lucene search
+L

213 matches found

snyk
snyk
added 2025/08/14 3:31 p.m.3 views

Malicious Package

Overview duoblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview tgsendzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview tblogzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview tblogduopack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.3 views

Malicious Package

Overview tgsendduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.4 views

Malicious Package

Overview t64d is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview cafebuy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview cafebasics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
snyk
snyk
added 2025/08/14 3:31 p.m.5 views

Malicious Package

Overview cafebuyduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
nessus
nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-40617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA...

7.5CVSS9.1AI score0.01634EPSS
Exploits0References2
osv
osv
added 2025/07/02 8:15 p.m.5 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

9.4CVSS6.6AI score0.01134EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/06/30 12:0 a.m.8 views

Intersections Hotspot Shield VPN 注入漏洞

Intersections Hotspot Shield VPN is a virtual private network VPN service product from Intersections, Inc. Intersections Hotspot Shield VPN suffers from an injection vulnerability that stems from an injection issue in the processing of the Host header, which could result in request redirection or...

2.3CVSS7.2AI score0.00269EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:19 a.m.6 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.0052EPSS
Exploits0References1
cve
cve
added 2025/05/22 2:31 p.m.120 views

CVE-2025-0993

CVE-2025-0993 affects GitLab CE/EE, all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The issue can allow an authenticated attacker to cause a denial of service by exhausting server resources, with high availability impact. The provided documents do not include a concrete...

7.5CVSS7.1AI score0.00484EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2025/05/22 2:31 p.m.27 views

CVE-2025-0993

Removed by vendor...

7.5CVSS7.5AI score0.00484EPSS
Exploits0
osv
osv
added 2025/05/22 2:31 p.m.7 views

CVE-2025-0993 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources...

7.5CVSS8.2AI score0.00484EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/22 10:25 a.m.11 views

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

4.3CVSS6.7AI score0.00615EPSS
Exploits0References1
ossf
ossf
added 2025/04/22 4:49 a.m.7 views

Malicious code in concurrent-hashmap (npm)

This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...

6.8AI score
Exploits0References1
packetstorm
packetstorm
added 2025/04/15 12:0 a.m.233 views

📄 SilverStripe 5.3.8 Cross Site Scripting

SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...

5.4CVSS6.2AI score0.01108EPSS
Exploits2
ossf
ossf
added 2025/01/30 4:14 p.m.5 views

Malicious code in hardhat-configs (npm)

This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98317ddb2bbad731c7576eb5f64b3a91f7e6f7bd135fa5ef05b7a2ad3da15992 Any computer that has this...

6.8AI score
Exploits0References1
Rows per page
Query Builder