Lucene search
K

716 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23067

Malicious code in bioql PyPI...

4CVSS6.3AI score0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0396

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01537EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52593

Malicious code in bioql PyPI...

3.3CVSS7.5AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25134

Malicious code in bioql PyPI...

9.3CVSS6.5AI score0.00344EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/23 12:29 a.m.7 views

Our plan for a more secure npm supply chain

Open source software is the bedrock of the modern software industry. Its collaborative nature and vast ecosystem empower developers worldwide, driving efficiency and progress at an unprecedented scale. This scale also presents unique vulnerabilities that are continually tested and under attack by...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/19 12:0 a.m.3 views

Shai-Hulud npm Worm

Shai-Hulud is a self-replicating worm targeting the npm ecosystem. Once it compromises a developer machine or CI/CD runner, it harvests secrets and uses them to republish itself across multiple npm packages within hours. This advisory holds IoCs and further information...

6.9AI score
Exploits0
CISA
CISA
added 2025/09/18 12:0 p.m.7 views

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems

Today, CISA released a Malware Analysis Report detailing the functionality of two sets of malware obtained from an organization compromised by cyber threat actors exploiting CVE-2025-4427link is external and CVE-2025-4428link is external in Ivanti Endpoint Manager Mobile Ivanti EPMM. The Malware...

8.8CVSS8.6AI score0.87529EPSS
Exploits10References3
Github Security Blog
Github Security Blog
added 2025/09/17 3:30 p.m.7 views

Jenkins has a log message injection vulnerability

In Jenkins 2.527 and earlier, LTS 2.516.2 and earlier, the log formatter that prepares log messages for console output including jenkins.log and equivalent does not restrict or transform the characters that can be inserted from user-specified content in log messages. This allows attackers able to...

5.3CVSS6.7AI score0.00335EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2025/09/09 10:26 a.m.4 views

How Leading CISOs are Getting Budget Approval

It's budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2025/09/08 10:0 a.m.10 views

Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

Over the past two and a half years January 2023 through June 2025, Cisco Talos Incident Response Talos IR has responded to numerous engagements that we classified as pre-ransomware incidents. Talos looked back to analyze what key security measures were credited with deterring ransomware deploymen...

8.1AI score
Exploits0
Gitee
Gitee
added 2025/09/06 3:36 p.m.120 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This repository contains operational information regarding the vulnerability in the Log4j logging library CVE-2021-44228. The vulnerability allows an attacker to execute arbitrary code on a system by injecting malicious data into the logging system. The repository provides a list of known...

10CVSS8.9AI score0.99999EPSS
Exploits348
Gitee
Gitee
added 2025/09/06 1:52 a.m.94 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This repository is an operational information repository regarding the vulnerability in the Log4j logging library CVE-2021-44228. It contains information on Indicators of Compromise IoCs, detection rules, and scanning software related to the vulnerability. The repository is maintained by the...

10CVSS8.3AI score0.99999EPSS
Exploits348
NCSC
NCSC
added 2025/08/29 8:37 a.m.4 views

Vulnerability fixed in FreePBX

FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...

10CVSS7.9AI score0.93286EPSS
Exploits20References2
Circl
Circl
added 2025/08/27 11:17 a.m.4 views

CVE-2025-2313

creationtimestamp| type| source ---|---|--- 2025-08-27 11:17:18+00:00| seen| Telegram/JzqS30rbsZkXX-J9q-FpBkOr8wylmkM98sbVjWjXhrVNsA 2025-08-27 11:17:20+00:00| seen| Telegram/ssOidBomCKbG8sjcbyELy9TqieNAw9NmIvZVU6qSPqCeW2g 2025-08-27 11:17:24+00:00| seen|...

9.4CVSS4.7AI score0.00231EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/25 2:11 a.m.6 views

How a scam hunter got scammed (Lock and Code S06E17)

This week on the Lock and Code podcast… If there’s one thing that scam hunter Julie-Anne Kearns wants everyone to know, it is that no one is immune from a scam. And she would know—she fell for one last year. For years now, Kearns has made a name for herself on TikTok as a scam awareness and...

7.4AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/20 9:30 p.m.6 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +739 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parsers (>=1.13 <=1.9)

org.apache.tika:tika-parsers MAVEN version =1.13, =1.3, =1.0.1, =3.6.1, =3.11.0, =4.6.0, =8.10.1.3, =8.10.1.3, =8.10.1.3, =0.1, =3.0.0, =3.0.1 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: SNYK:JAVA-ORGAPACHETIKA-14188256...

9.8CVSS7.4AI score0.79807EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/08/20 6:32 p.m.13 views

CVE-2025-7693

A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and...

9.3CVSS7.4AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder