Lucene search
+L

33060 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in ethereum-input-decorder (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...

6.2AI score
Exploits0References6
OSV
OSV
added 3 days ago4 views

MAL-2026-10591 Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
OSV
OSV
added 3 days ago5 views

BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Adobe Audition < 25.6.6 / 26.0 < 26.3 Multiple Vulnerabilities (APSB26-71) (macOS)

The version of Adobe Audition installed on the remote macOS host is prior to 25.6.6, 26.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-71 advisory. - Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code...

7.8CVSS6.4AI score0.00297EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Adobe After Effects < 25.6.6 / 26.0.0 < 26.3.0 Multiple Arbitrary code execution (APSB26-78) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-78 advisory. - After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code...

7.8CVSS7.3AI score0.00299EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path...

8.6CVSS6.5AI score0.00888EPSS
Exploits0References7
The Hacker News
The Hacker News
added 4 days ago14 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-59890

A flaw was found in setuptools, a Python package management tool. The FileList component, responsible for handling file exclusions, did not properly normalize Unicode file names when applying exclusion rules. This oversight could allow a specially crafted file name, using a different Unicode...

6.1CVSS6AI score0.0029EPSS
Exploits1References6
NVD
NVD
added 2026/07/09 8:16 p.m.7 views

CVE-2026-0278

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 7:19 p.m.36 views

CVE-2026-0275 Prisma Browser: Local Privilege Escalation on macOS

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 7:12 p.m.38 views

CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 7:12 p.m.5 views

EUVD-2026-42688

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.6 views

PT-2026-56917

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A local privilege escalation issue in Prisma Browser on macOS allows a locally authenticated administrator who has access to the local filesystem to execute actions on the device with...

5.4CVSS6.2AI score0.00112EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 12:0 a.m.4 views

MAL-2026-10075 Malicious code in testudo-pack (npm)

The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...

6.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 5:17 p.m.9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.0029EPSS
Exploits1References3
CVE
CVE
added 2026/07/08 4:2 p.m.28 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.0029EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder