Lucene search
K

42265 matches found

Circl
Circl
added 4 days ago7 views

CVE-2026-15028

creationtimestamp| type| source ---|---|--- 2026-07-10 12:03:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc453ekyq2x 2026-07-10 12:36:29+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqc5ypgytn26 2026-07-10 13:20:44+00:00| seen|...

3.9CVSS6.1AI score0.00203EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in nodemon-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ac606888cb1a54710bafa78dc76d760bef1088bb5e2cc0f0323614341345e5 The package is named nodemon-patch but its package.json metadata homepage https://nodemon.io, author Remy Sharp / github.com/remy, repository, fundin...

6.2AI score
Exploits0References3
Circl
Circl
added 4 days ago5 views

CVE-2026-15311

creationtimestamp| type| source ---|---|--- 2026-07-10 00:57:22+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqawwlemrj2q 2026-07-10 19:55:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcwjoofi22a...

5.1CVSS6.1AI score0.00203EPSS
Exploits0References2
Circl
Circl
added 4 days ago5 views

CVE-2026-15317

creationtimestamp| type| source ---|---|--- 2026-07-10 00:55:49+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqawtt3ljg2o...

7.5CVSS5.9AI score0.00247EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago7 views

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.89...

5.8CVSS6.1AI score0.00201EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in n8n-nodes-mcputils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...

5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 5 days ago8 views

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 CVSS score: 7.8, is a privilege escalation issue in the Microsoft Malware Protection Engine "mpengine.dll...

7.8CVSS7AI score0.03391EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in clavuepro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00269EPSS
Exploits0References4Affected Software1
Circl
Circl
added 6 days ago7 views

GHSA-W54J-7WPM-CRHJ

creationtimestamp| type| source ---|---|--- 2026-07-08 14:44:37+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mq5e7yeusk2s...

5.9AI score
Exploits0References1
Circl
Circl
added 6 days ago5 views

GHSA-HWMJ-QG4V-CVG9

creationtimestamp| type| source ---|---|--- 2026-07-08 14:41:40+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mq5e2piu2p26...

5.9AI score
Exploits0References1
OSV
OSV
added 6 days ago7 views

MAL-2026-6962 Malicious code in gas-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36241e999d92bad738082bf420fc144391735f9f3707bc4baa0153b4cb0eec8a gas-log impersonates the legitimate eth-gas-reporter package: it reuses that project's README, keywords, badges, and CHANGELOG, and the README even...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in pyqt6darktheme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67 Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00269EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:19 p.m.11 views

Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:19 p.m.10 views

Malicious code in whs4_npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47695d571fe82fbb4402e8cc7f56c05e1cb21d0bc8089ccbd8fca32f8cf5a57c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:19 p.m.6 views

MAL-2026-6950 Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 4:19 p.m.9 views

MAL-2026-6953 Malicious code in whs4_pnm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d72187d8b59a9a40cb8397d064bc7319b20e19ee7d48b870432bd96952b089 The package declares a postinstall script node index.js that runs unconditionally on npm install. The script POSTs the absolute filename path which...

6.1AI score
Exploits0References2
Rows per page
Query Builder