Lucene search
K

14 matches found

OSV
OSV
added 2026/06/13 8:15 p.m.10 views

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/05/26 1:0 a.m.11 views

MAL-2026-4544 Malicious code in cwao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:59 a.m.12 views

Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 5:57 p.m.13 views

Malicious code in @dreamlake/lakeshore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/19 7:53 p.m.10 views

MAL-2026-4740 Malicious code in zod-to-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0 The package is published as 'zod-to-js' but ships a copy of pino's source tree main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...

6.2AI score
Exploits0References3
NVD
NVD
added 2026/01/30 8:16 p.m.4 views

CVE-2026-23835

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

7.2CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 4:16 p.m.2 views

CVE-2025-34421

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5CVSS0.00164EPSS
Exploits0References3
NVD
NVD
added 2025/11/24 5:16 p.m.4 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

8.8CVSS0.00269EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.1 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

7.4AI score0.00269EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.9 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

0.00269EPSS
Exploits1References2
OSV
OSV
added 2022/01/02 4:15 p.m.2 views

CVE-2021-36751

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...

4.2CVSS5.8AI score0.00486EPSS
Exploits0References3
Snyk
Snyk
added 2020/01/22 8:44 a.m.1 views

Bit-Flipping Attack

Amendment This was deemed not a vulnerability. Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Bit-Flipping Attack via the ciphertext function. AES-256-CBC, the construct used in parsel.rb, has no integrity check i.e., the...

7.1CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2019/10/09 4:15 p.m.4 views

CVE-2019-14808

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab e.g., exposure of his birthday or logs into his account i.e., exposure of credentials...

6.8CVSS5.8AI score0.01337EPSS
Exploits1References3
OSV
OSV
added 2017/04/02 8:59 p.m.2 views

CVE-2016-8273

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

7.8CVSS5.8AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder