Lucene search
K

452 matches found

OSV
OSV
added 2 days ago5 views

MAL-2026-10476 Malicious code in @gleamkit/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in nottuff2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2505cd60f257bd1c69e2bd6ccbaa987e2045a453adb8c0e1c529c34afade95c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in nottuff11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4435156ef39093b21f7d28e37ef0445d66c02c6267b9c364d493a7856168f426 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/11 4:4 a.m.12 views

MAL-2026-5584 Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/05/29 10:2 p.m.11 views

MAL-2026-5060 Malicious code in chai-extensions-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d91953781373f4257c01ae16e16329a5e35acfc2c30eddae881f73f8ebceaea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 6:37 a.m.18 views

Malicious code in tiny-naturalsort (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ecbb6057e556f6985eb20768788e9f7dcf6146b3fdbe703653ce0d52c2a4a31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 3:24 p.m.9 views

MAL-2026-4173 Malicious code in is-really-odd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/12 3:26 a.m.6 views

MAL-2026-3532 Malicious code in @uipath/apollo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.10 views

PT-2026-32434

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

8.1CVSS6.5AI score0.00545EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 1:28 a.m.9 views

Malicious code in big-nunber (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23ede1c7b10923f9db48acb43cc160860b18e8be59b8bd2a26109ac8495ddd0 The package big-nunber was found to contain malicious code. Source: ghsa-malware af922fdcf3519d03326fd29435ab7bb179a1505a9082641e92a2f77f98332974 Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 3:51 p.m.6 views

MAL-2026-1473 Malicious code in aesdecryptor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ac66c3676fdc79338dd38b32cacdd68d6f86e097c163eb1e8e4bd556de82c69 The package aesdecryptor was found to contain malicious code. Source: ghsa-malware 67de86e4e1b93130bb4f76480f236f202b1f257067eaf1ca02d3c565c2fc8edb A...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.7 views

Malicious code in undeclared-variables-check (npm)

The package 'undeclared-variables-check' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/03/16 12:0 a.m.3 views

MAL-2026-1574 Malicious code in transform-spread (npm)

The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/10 1:4 a.m.3 views

MAL-2026-1308 Malicious code in iron-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/20 4:59 p.m.8 views

Malicious code in parse-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f14189ba3007a51617df87911f83c0c765d38bf6abe23b5aecbbe60cd8646c0a The package parse-compat was found to contain malicious code. Source: ghsa-malware 90a657719347c80f56dab387dd9beb25be7af98e9580382365a65feb0fd53243 A...

5.6AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.6 views

Windows Registry Run Persistence

This Metasploit module is a Windows persistence module designed to maintain access to a compromised system after a successful exploitation and an active Meterpreter session has been obtained...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/27 7:57 a.m.8 views

Malicious code in n8n-nodes-gg-udhasudsh-hgjkhg-official (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f177f9d8bad0a259983bc9f3e0880c59ee120b1e686e3f10b490ab0527beec3 The package n8n-nodes-gg-udhasudsh-hgjkhg-official was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:39 a.m.6 views

MAL-2026-422 Malicious code in oce-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b843dd5f2dd468eea116bc6b01258c72903738ea423def44e73bbee3e0a477f The package oce-icons was found to contain malicious code. Source: ghsa-malware e946a5aefa4f4734044a2667883bff32c43c93401630708063066e1348fb2b25 Any...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:34 a.m.7 views

MAL-2026-405 Malicious code in anthropic-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49a0221a103a31cc2bf5e4f6c7d5fc7e0a8cbb2128d06aafe849e2c0df492fa8 The package anthropic-sdk was found to contain malicious code. Source: ghsa-malware fb69378ea2c4bf83cabc021e0e00f2cc8f87b8d9ddfd536f6e0285d10dbf4daf...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/08 4:58 a.m.5 views

MAL-2026-157 Malicious code in test-thegenetic-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a1aa78e95a98adc8d2ce9a727c53e49e1a1cd5d91a052d5aadcb2ead7afe050 The package test-thegenetic-module was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
Rows per page
Query Builder