Lucene search
K

1207 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday4 views

MAL-2026-10653 Malicious code in webpack-session-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0007695a788bff7d6d0a87ee48de6771c12a1e21241bd3fc0bc7b5509608533e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-50462

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-54108

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

6.5CVSS0.00713EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-54108

CVE-2026-54108 affects Microsoft SharePoint Server. An authorized attacker can influence a file name or path in SharePoint, enabling network-based spoofing. CVSS v3.1: 6.5 (MEDIUM), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Root cause details are not provided in the supplied documents; no exploitation...

6.5CVSS6.1AI score0.00713EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2 days ago8 views

CVE-2026-55002

Technical details about CVE-2026-55002 are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score0.00241EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in sight-bind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 398788014436c7e95df3045f9b32398c3de46b8c9275c0437e44bda1dcb6cc00 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago2 views

MAL-2026-10468 Malicious code in nodemon-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf8b1d5b3dd215c6c8d726b73ad11fbb29e7285da9a7e88854552931f750d437 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in prettier-plugin-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in abuden213 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a014a046e0516c12f5b1d7dcebebc2451633c4987fd3c96aae43229501ede141 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in abuden1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366c27a7f56562405e9af37dcb6a78fa8f535af50e9ecd68ec559fbb1f80f5d7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in nottuff3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1adec69437876499397efaf931f1aa569a8cb462462b673145b664c564701060 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in abuden3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24491a69d293bf42c8f7a0f379f5e77600880d2fcd9c5b5ce9f0021b07b987f1 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in whatsadmaidk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10299 Malicious code in crazynut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99acc5fd6f39abd90d81467df8fe55d92230edd286a12d9f628ad6f9c1c34a9a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10361 Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
CVE
CVE
added 6 days ago52 views

CVE-2026-14480

CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in execfences (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974c5744c98a462c30d6c8dd3ca078461dc172244203e85d5290fa05660d2d1c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in n8n-nodes-mcputils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...

5.9AI score
Exploits0References2
Rows per page
Query Builder