Lucene search
K

82 matches found

OSV
OSV
added 2026/06/25 5:20 p.m.4 views

MAL-2026-6467 Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/23 8:18 p.m.5 views

MAL-2026-6346 Malicious code in triage-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/16 2:15 a.m.8 views

MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/15 5:23 p.m.7 views

MAL-2026-5808 Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/06/09 8:34 p.m.13 views

MAL-2026-5484 Malicious code in mcp-server-sequential-thinking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.11 views

Malicious code in getd-handler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/05/22 1:19 a.m.11 views

MAL-2026-4487 Malicious code in audit-logsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f1d266fef23fc79d6af52affefa68c2220baad023d09a7acc4d439a23dfdb69 The package's postinstall script executes shell reconnaissance id || ver && whoami && hostname, fetches the installer's public IP from api.ipify.org,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/21 5:52 a.m.20 views

MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/05/14 7:25 p.m.15 views

MAL-2026-3757 Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ccba152d6841731431c91157874c72b5f9778fdf88b634a45ab5d9da961307 On npm install -g, the package's scripts/post-install.js registers a privileged Windows service claw-subagent-service pointing at service/daemon.js,...

6.2AI score
Exploits0References34
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.56 views

PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design

Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models LLMs offer promising opportunities for...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-28006

Malware in sbrugna...

6.5CVSS6.6AI score0.00537EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19678

Malware in sbrugna...

7.5CVSS7.5AI score0.00857EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54103

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-46237

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-46241

Malicious code in bioql PyPI...

7.5CVSS5AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.4 views

IBM Analytics Content Hub 安全漏洞

IBM Analytics Content Hub is a clean streaming experience from International Business Machines IBM that visualizes relevant analytics by extracting content from IBM and other analytics providers. A security vulnerability exists in IBM Analytics Content Hub versions 2.0, 2.1, 2.2, and 2.3, which...

5.3CVSS6.1AI score0.00266EPSS
Exploits0References2
Circl
Circl
added 2025/05/28 6:14 p.m.16 views

CVE-2025-48927

creationtimestamp| type| source ---|---|--- 2025-05-28 18:14:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114586815688198231 2025-05-28 19:40:21+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lqaxgz2uub2z 2025-07-01 05:10:43+00:00| exploited|...

5.3CVSS7.5AI score0.07857EPSS
Exploits0References33
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.12 views

CVE-2023-48680

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 macOS, Windows before build 37391...

5.5CVSS6.5AI score0.0017EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.9 views

CVE-2023-44213

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 35739, Acronis Cyber Protect 16 Windows before build 37391...

5.5CVSS6.6AI score0.0017EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.15 views

CVE-2023-41745

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30991, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...

6.1CVSS6.5AI score0.00188EPSS
Exploits0
Rows per page
Query Builder