Lucene search
+L

413 matches found

euvd
euvd
added 3 days ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
osv
osv
added 2026/07/06 3:6 a.m.7 views

MAL-2026-6794 Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
ossf
ossf
added 2026/06/28 11:3 a.m.10 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
osv
osv
added 2026/06/28 11:3 a.m.7 views

MAL-2026-6558 Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
osv
osv
added 2026/06/27 8:52 p.m.11 views

MAL-2026-6549 Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

5.9AI score
Exploits0References6
ossf
ossf
added 2026/06/20 7:24 p.m.13 views

Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6AI score
Exploits0References17
osv
osv
added 2026/06/20 7:24 p.m.10 views

MAL-2026-6246 Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6.1AI score
Exploits0References17
ossf
ossf
added 2026/06/20 7:8 p.m.16 views

Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
osv
osv
added 2026/06/20 7:8 p.m.11 views

MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
ossf
ossf
added 2026/06/20 6:47 p.m.12 views

Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
osv
osv
added 2026/06/20 6:47 p.m.9 views

MAL-2026-6245 Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
ossf
ossf
added 2026/06/17 9:32 p.m.15 views

Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
osv
osv
added 2026/06/17 9:32 p.m.21 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
ossf
ossf
added 2026/06/15 3:50 p.m.19 views

Malicious code in sam-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...

5.4AI score
Exploits0References19
ossf
ossf
added 2026/06/11 9:23 p.m.13 views

Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

5.9AI score
Exploits0References3
osv
osv
added 2026/06/11 9:23 p.m.12 views

MAL-2026-5679 Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

6AI score
Exploits0References3
osv
osv
added 2026/06/09 3:16 p.m.10 views

MAL-2026-5342 Malicious code in kecak256 (npm)

kecak256 is a typosquat of the popular keccak256 package one c dropped that ships a credential-stealing payload executed automatically on install. The package spoofs the legitimate keccak256 project — author "Miguel Mota", matching description, README, and keywords — and includes a benign decoy...

6.2AI score
Exploits0References6
ossf
ossf
added 2026/06/08 7:20 p.m.16 views

Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68238d06ff6ba3548296464666c6d1390341e99d19ee053f7b36170a5e266d71 No suspicious behaviors were observed in this package version. No install-time network activity, no credential or environment scraping, no obfuscated...

6.2AI score
Exploits0References2
osv
osv
added 2026/06/08 7:20 p.m.11 views

MAL-2026-5333 Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68238d06ff6ba3548296464666c6d1390341e99d19ee053f7b36170a5e266d71 No suspicious behaviors were observed in this package version. No install-time network activity, no credential or environment scraping, no obfuscated...

6.3AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.9 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS5AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder