
736 matches found

OSSF Malicious Packages
added 2026/06/09 8:28 p.m. | 12 views

Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

5.5 AI score
Exploits 0 | References 1

OSV
added 2026/06/09 8:28 p.m. | 10 views

MAL-2026-5465 Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

5.5 AI score
Exploits 0 | References 1

OSV
added 2026/06/09 4:7 p.m. | 12 views

MAL-2026-5389 Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

5.5 AI score
Exploits 0 | References 1

OSV
added 2026/06/09 4:4 p.m. | 10 views

MAL-2026-5397 Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

5.5 AI score
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:25 p.m. | 10 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5 CVSS | 5.5 AI score | 0.00113 EPSS
Exploits 0 | References 1

GithubExploit
added 2026/06/05 6:34 p.m. | 76 views

Dirty-cow-exploit

System Documentation Architecture - Frontend: React 19...

7.2 CVSS | 6 AI score | 0.83524 EPSS
Exploits 81

GithubExploit
added 2026/06/04 8:54 p.m. | 73 views

exploit-labs

exploit-labs Companion code for the Windows-security blog at...

5.9 AI score
Exploits 0

GithubExploit
added 2026/06/04 7:39 p.m. | 70 views

exploit-validator

$repo Production-grade offensive security tool for Purpose...

5.8 AI score
Exploits 0

Microsoft Secure
added 2026/06/03 4:45 a.m. | 21 views

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...

5.9 AI score
Exploits 0

Snyk
added 2026/06/01 9:0 p.m. | 6 views

Malicious Package

Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 2

Snyk
added 2026/06/01 9:0 p.m. | 10 views

Malicious Package

Overview opensearch-security-scanner is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between tho...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/06/01 8:0 a.m. | 13 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits 0

GithubExploit
added 2026/06/01 5:19 a.m. | 89 views

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

6.1 AI score
Exploits 0

CNNVD
added 2026/05/29 12:0 a.m. | 9 views

JetBrains TeamCity Code Issue Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

7.5 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/05/29 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-8716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

4.3 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/28 8:2 p.m. | 12 views

Directory Traversal

Overview shamefile is a Turn linter suppressions from silent technical debt into reviewable, documented decisions. Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the...

6.8 CVSS | 6.3 AI score | 0.00013 EPSS
Exploits 0 | References 2

Github Security Blog
added 2026/05/28 8:2 p.m. | 10 views

Shamefile has an arbitrary file read via shamefile.yaml in shame next

Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...

5.8 AI score | 0.00013 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/05/28 9:12 a.m. | 11 views

BIT-GITLAB-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...

4.3 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 3

Cvelist
added 2026/05/27 5:54 p.m. | 39 views

CVE-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...

4.3 CVSS | 0.00187 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/27 5:54 p.m. | 13 views

EUVD-2026-32617

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...

4.3 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 2