Lucene search
K

883 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fc679091d0bd079249822993efce7f3ed4ef7d032c73f9aa730a6259f76cb6 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18bc2a7c89f862926aab27d42ebc31ed5c39f90197170a9b87e1dca9ecf933f5 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in imillegal1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b8bddd4b8345bfaacf5ad511276da43344de0033bc312123620aa6cc6e4366 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added last week5 views

MAL-2026-6920 Malicious code in crypto-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7da752b2532b67e824f8904ffce7618b074a6a58746099b36b4ee547d936c8d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 9:17 p.m.36 views

CVE-2026-42204 Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55261

Name of the Vulnerable Software and Affected Versions Dockwatch versions prior to 0.6.568 Description An unauthenticated OS command injection exists that allows remote attackers to execute arbitrary shell commands. The issue arises from a chain of two bugs: a missing exit function after an...

9.8CVSS6.3AI score0.0119EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 4:50 p.m.5 views

MAL-2026-6622 Malicious code in @gallup/pc-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca755b4cbe794ce9b1389cff974fb13df6325eeb2eb658ca64a7bb7ee734b8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.10 views

Malicious code in @experian-shared/services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.9 views

Malicious code in @huobi-ui/activity-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References8
OSV
OSV
added 2026/06/26 6:33 p.m.2 views

GHSA-48Q5-W887-33WV Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

9.9CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:31 p.m.4 views

GHSA-2Q3F-Q5PQ-G8WV Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image

Summary A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details Incus validates an image as soon as it sees a normal metadata.yaml and a rootfs/ entry, but full extraction can later process a duplicate...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/25 2:16 a.m.8 views

MAL-2026-6413 Malicious code in poc-publish-test-su-doughnym (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e75d35af77b8871936717cc37537673789177cdd056f7f4d2c21c32b2be5f65 Package contains no observed installer-side harmful behavior. No exfiltration, no install-time fetch-and-execute, no silent-relay, no credential...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51298

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description Improper isolation of Python execution combined with an authentication bypass allows an unauthenticated remote attacker to execute arbitrary code on the host system, leading to a comple...

10CVSS6.5AI score0.00502EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:8 a.m.12 views

Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:27 p.m.12 views

Malicious code in @mastra/redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9691125da52a04efba450b4c5dcbebe08a604a54f2e9420d95ce17f782f2728 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 11:7 a.m.10 views

MAL-2026-6056 Malicious code in @mastra/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb2d86bcc71a172b3b3abf321bea01e031f13fcbd7cf94c490a5735f02f6dc8f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:1 a.m.18 views

Malicious code in @mastra/otel-exporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1998b4d1e4f2d960197b14f573628777e4456ff374f007ac39cca273a206aea The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:12 a.m.10 views

MAL-2026-5949 Malicious code in @mastra/fastify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ba29e7c4e2320b4f5852c18ded92c92021cfbc47d5bf8146b1a93ffa58260c7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder