Lucene search
+L

735 matches found

ossf
ossf
added 3 days ago5 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 3 days ago6 views

Malicious code in imillegal3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 390cc6f70ea2d87c44d68b9d62410d2ea485b64778bd536a1733503789c42d07 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
osv
osv
added 3 days ago2 views

MAL-2026-10396 Malicious code in whatsadmaidk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/07 12:0 a.m.10 views

Malicious code in vps-adapter-core (npm)

The package 'vps-adapter-core' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, paperclip-host-util...

6.1AI score
Exploits0References5
ossf
ossf
added 2026/07/06 6:57 p.m.8 views

Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
attackerkb
attackerkb
added 2026/06/22 10:16 p.m.6 views

CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/06/19 7:46 p.m.6 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
ossf
ossf
added 2026/06/09 3:10 p.m.14 views

Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348 Package name 'enquriers' closely resembles the widely-used 'enquirer' package transposed/added characters, suggesting potential name-confusion risk. ...

6.3AI score
Exploits0References3
osv
osv
added 2026/06/09 2:17 p.m.10 views

MAL-2026-5380 Malicious code in @doaction/sudo-prompt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e989180180ebba42b05f086cda01159058a0a9ccca3c4beb95f3e5a31430dfe6 @doaction/sudo-prompt shares the name of the widely-used unscoped sudo-prompt package but contains none of its privilege-escalation functionality. Th...

6.2AI score
Exploits0References3
packetstormnews
packetstormnews
added 2026/06/09 12:0 a.m.19 views

Securing Code Understanding: Detecting Natural Backdoor Vulnerability in Code Language Models

Code Language Models CodeLMs have become integral to software engineering, significantly advancing code intelligence tasks. However, their widespread adoption has raised critical security concerns, particularly regarding susceptibility to backdoor attacks. Recent studies have uncovered naturally...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.13 views

CVE-2026-3623

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successf...

7.8CVSS5.6AI score0.00151EPSS
Exploits0References1
ossf
ossf
added 2026/06/05 12:53 a.m.14 views

Malicious code in autotel-sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84599539075d0dc6b022b261b65d1926f5772707f817dbc50178b5538220e2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.19 views

Malicious code in autotel-aws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e356eee42d8cb9a80967237c11de3358548389fe2e413f1bbc3fae630c7d28f8 No concrete installer-harm signals were identified in this package version. No lifecycle hooks fetching external code, no credential-path reads, no...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.20 views

Malicious code in executable-stories-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9900528338f5a1325fa66f8ebc1b72d1a24d63d708b42bbd5c54146ad7a6cbd No concrete installer-harm indicators were identified in this package version. No lifecycle-script behavior, network beacon, credential read, or...

6.1AI score
Exploits0References9
ossf
ossf
added 2026/06/05 12:53 a.m.17 views

Malicious code in autotel-drizzle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed16d2715633927ef05b9b370a8d37f95581137f46144053bcb53f94430f2f33 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.13 views

Malicious code in awaitly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3b437ec90b9b48314676b67f08b3ab9a54e1d3b787aa17d668dd0459f2cf68b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.58 views

Malicious code in ai-sdk-ollama (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19f3e848ffd678e29b96aec1a0aa02dcdcb7c3c5f58bc357ee3b3483b395577d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
ossf
ossf
added 2026/06/05 12:53 a.m.19 views

Malicious code in awaitly-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f926748b1e107755cfd17cb9151edc730b0228b6e857735a6794f8c1e71c65 No concrete indicators of installer-side harm were identified in this package version. No lifecycle hooks fetching remote payloads, no credential-pat...

6.1AI score
Exploits0References12
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in autotel-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e39e600baede93e3a5b493d603c5fe392c561544c95611960149ac4e7b99f98 No concrete installer-harm evidence was identified for [email protected]. No lifecycle-script droppers, hardcoded exfiltration endpoints,...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/06/05 12:53 a.m.13 views

Malicious code in autotel-edge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 811b38cb7e91f18a899293fc6cd657bdc63f07714d5277920cfc21532b5aca08 No concrete installer-harm signals were identified in this package version. No lifecycle hooks, hardcoded exfiltration endpoints, credential-path...

6.2AI score
Exploits0References3
Rows per page
Query Builder