Lucene search
K

50 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:37 p.m.10 views

Malicious code in polymarket-trading-developer-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30ffc35841039a7a95d8b5590db211f34b662975513f3a054b8be282f0858c99 The package's postinstall lifecycle script performs install-time remote code execution. It reads a bundle URL from a JSON config hosted at...

6.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1907)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1907 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD reques...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.8 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:4 a.m.6 views

Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution

The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...

9.8CVSS6AI score0.00701EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 p.m.8 views

MAL-2026-6160 Malicious code in firebase-readability (npm)

The npm package firebase-readability published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.6 views

MAL-2026-6170 Malicious code in onesignal-hooks (npm)

The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.5 views

MAL-2026-6145 Malicious code in accordion-animationtiming-authorization (npm)

The npm package accordion-animationtiming-authorization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component moun...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.5 views

MAL-2026-6166 Malicious code in jest-macos (npm)

The npm package jest-macos published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.5 views

MAL-2026-6163 Malicious code in framerate-interaction-permissions (npm)

The npm package framerate-interaction-permissions published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.8 views

MAL-2026-6178 Malicious code in streaming-downloads (npm)

The npm package streaming-downloads published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.4 views

MAL-2026-6156 Malicious code in documents-widgets (npm)

The npm package documents-widgets published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.7 views

MAL-2026-6181 Malicious code in virtualization-compression-collapse (npm)

The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 9:37 a.m.12 views

Malicious code in noteparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 270d4c797fe34bc0b9598608f45add8721f1fa80d1488e4fae750e3a7b38419e noteparse 1.1.27 ships live MinIO credentials in configReader.py endpoint uicfile.uniview.com, accesskey 'uicpro', secretkey 'uicpropass123' that are...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/02 8:0 a.m.18 views

Malicious code in common-tg-service (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 502 published versions 1.0.1 through 1.3.207 are malicious. Pairs with ams-ssk, which provides the operator's server-side AMS/CMS infrastructure...

6.2AI score
Exploits0References21
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 had a access control vulnerability. This vulnerability stemmed from the Nostr plugin exposing unvalidated HTTP endpoints, which could allow remote attackers to read sensitive configuration file da...

8.3CVSS5.8AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 6:16 p.m.3 views

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

8.1CVSS5.9AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 4:29 p.m.3 views

MAL-2025-46989 Malicious code in ifood-faster-remote-config (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b47856b6547efd8d456abded39dc3e710dfa04600ceb26aeeffdae16c33aa4f The OpenSSF Package Analysis project identified...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/09 4:29 p.m.4 views

Malicious code in ifood-faster-remote-config (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b47856b6547efd8d456abded39dc3e710dfa04600ceb26aeeffdae16c33aa4f The OpenSSF Package Analysis project identified...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.5 views

Baidu BRCC 安全漏洞

Baidu BRCC Baidu Better Remote Config Center is a distributed configuration center of China's Baidu Baidu, which is used to unify the management of configuration information of application services, to avoid all kinds of resources scattered in various projects, and to simplify the maintenance cos...

9.8CVSS6.3AI score0.00365EPSS
Exploits1References2
Rows per page
Query Builder