186 matches found
Malicious code in paperclip-adapter-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801 [email protected] executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports...
PT-2026-56148
Name of the Vulnerable Software and Affected Versions uncanny-automator-pro WordPress plugin versions prior to 7.3.0.6 Description The software was distributed with malicious code following a compromise of the vendor's update and distribution infrastructure. This supply chain compromise introduce...
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...
Malicious code in vps-maintenance-paperclip-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48d7d517534385e3776097217c197836517e4f4d84ef29598724c4398bfc875e On import of the server entry module, a top-level try block detaches a shell process that 1 appends an attacker-controlled ssh-ed25519 public key to...
MAL-2026-5722 Malicious code in textwrap-toolkit-stager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...
Malicious code in textwrap-toolkit-stager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...
Malicious code in telebot-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2 The package advertises itself as a configurable Telegram bot server README and.env.example reference TELEGRAMBOTTOKEN and ALLOWEDUSERIDS, but the cod...
Malicious code in @limebike/supreme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...
Malicious code in @tallyui/database (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d7af140ba49fc46f93bc668a317637f07fe952aa72fa5aaa3c3f16939d221ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in graphicsctxs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...
CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
MAL-2026-2210 Malicious code in @opengov/form-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...
MAL-2026-2203 Malicious code in @emilgroup/discount-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b66c2b21da822102c367293fd9acc95e864afb9bb8ddebcb3ac0d49ccf583e The package @emilgroup/discount-sdk-node was found to contain malicious code. Source: google-open-source-security...
MAL-2026-2211 Malicious code in @opengov/form-renderer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6c8cb05cb54fe0f2f81f0c9a5ff43f2c4a45ab0fa31bcc1d1cade080e731c3d The package @opengov/form-renderer was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-208134
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
CVE-2025-10010
The CVE affects the CPSD CryptoPro Secure Disk: during boot, a small Linux OS validates integrity via IMA, but configuration files are not validated by IMA. This can allow an attacker with physical access to alter config files on the unencrypted partition, enabling arbitrary code execution as roo...
📄 AMSS++ 4.7 Backdoor Admin Account
AMSS++ version 4.7 has a hardcoded backdoor administrative account. Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.ra...
CVE-2023-4467
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...
CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
CVE-2025-36752
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...