745 matches found
GitLab 处理逻辑错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 17.0, 18.11,...
MAL-2026-5466 Malicious code in getd-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...
Malicious code in getd-pantallas-cliente (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...
Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...
Malicious code in getd-ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...
MAL-2026-5471 Malicious code in getd-ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...
Malicious code in getui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...
Malicious code in getd-content-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...
MAL-2026-5465 Malicious code in getd-content-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...
MAL-2026-5389 Malicious code in @0xlr/stripe-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...
MAL-2026-5397 Malicious code in create-docs-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...
CVE-2026-44972
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...
Dirty-cow-exploit
System Documentation Architecture - Frontend: React 19...
exploit-labs
exploit-labs Companion code for the Windows-security blog at...
exploit-validator
$repo Production-grade offensive security tool for Purpose...
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...
Malicious Package
Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview opensearch-security-scanner is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between tho...
Malicious code in @customer-threesixty/assets (npm)
Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...
aks-poc-setup
AKS Production-Grade POC Setup A comprehensive, production-re...