Lucene search
+L

745 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

GitLab 处理逻辑错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 17.0, 18.11,...

4.3CVSS5.9AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 8:32 p.m.25 views

MAL-2026-5466 Malicious code in getd-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:32 p.m.12 views

Malicious code in getd-pantallas-cliente (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.17 views

Malicious code in getd-typescript-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.14 views

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:29 p.m.11 views

MAL-2026-5471 Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.14 views

Malicious code in getui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.20 views

Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:28 p.m.12 views

MAL-2026-5465 Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 4:7 p.m.13 views

MAL-2026-5389 Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 4:4 p.m.11 views

MAL-2026-5397 Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.5AI score0.00113EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/05 6:34 p.m.92 views

Dirty-cow-exploit

System Documentation Architecture - Frontend: React 19...

7.2CVSS6AI score0.83524EPSS
Exploits83
GithubExploit
GithubExploit
added 2026/06/04 8:54 p.m.88 views

exploit-labs

exploit-labs Companion code for the Windows-security blog at...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/04 7:39 p.m.97 views

exploit-validator

$repo Production-grade offensive security tool for Purpose...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/03 4:45 a.m.23 views

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/06/01 9:0 p.m.8 views

Malicious Package

Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview opensearch-security-scanner is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between tho...

9.8CVSS5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 8:0 a.m.17 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/01 5:19 a.m.105 views

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

6.1AI score
Exploits0
Rows per page
Query Builder