Lucene search
K

495 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/14 11:56 a.m.10 views

Malicious code in dzuseragents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0be670ad8e17f42129943a744559ebb8818c581bc637c1469cf8553b7b8f8c9 The package downloads an executable and adds it to autostart. The downloaded application then periodically creates a screenshot and sends it to a Discord...

5.6AI score
Exploits0References5
OSV
OSV
added 2026/02/14 11:56 a.m.7 views

MAL-2026-899 Malicious code in dzuseragents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0be670ad8e17f42129943a744559ebb8818c581bc637c1469cf8553b7b8f8c9 The package downloads an executable and adds it to autostart. The downloaded application then periodically creates a screenshot and sends it to a Discord...

5.6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.4 views

CVE-2026-20640

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac...

4.6CVSS5.3AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 5:22 p.m.3 views

CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

7.5CVSS6.8AI score0.00323EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/14 4:45 p.m.13 views

Weblate leaks information via screenshots

Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...

7.5CVSS7AI score0.00323EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/01/14 4:28 p.m.11 views

EUVD-2026-2452

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

2.3CVSS6.3AI score0.00323EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/14 4:28 p.m.41 views

CVE-2026-21889 Weblate leaks information via screenshots

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

2.3CVSS0.00323EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 4:28 p.m.7 views

CVE-2026-21889 Weblate leaks information via screenshots

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

2.3CVSS6.4AI score0.00323EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/14 4:28 p.m.4 views

CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

7.5CVSS5.5AI score0.00323EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2970

Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...

2.3CVSS6.9AI score0.00323EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.21 views

Weblate 访问控制错误漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. An Access Control Error vulnerability exists in Weblate versions prior to 5.15.2 that stems from improper access control of screenshot images, which could lead to unauthenticated users accessing screenshots...

7.5CVSS6.6AI score0.00323EPSS
Exploits0References4
HackRead
HackRead
added 2026/01/12 4:2 p.m.20 views

Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen

Everest ransomware claims to have breached Nissan Motor Corporation, alleging the theft of 900GB of internal data, including documents and screenshots...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/09 8:7 a.m.12 views

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

MiniDVBLinux 访问控制错误漏洞

MiniDVBLinux is a multimedia center software from the German company MiniDVBLinux. An access control error vulnerability exists in MiniDVBLinux version 5.4 that originates from unauthorized access and could result in the generation of live screenshots...

8.7CVSS6.6AI score0.0048EPSS
Exploits1References5
HackRead
HackRead
added 2025/12/04 10:14 p.m.6 views

Qilin Ransomware Claims Data Theft from Church of Scientology

Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization...

7AI score
Exploits0
Snyk
Snyk
added 2025/11/30 1:14 p.m.1 views

Malicious Package

Overview tailwindcss-bootstrap-color is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of th...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.3 views

Malicious Package

Overview tailwind-gradient-image is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.1 views

Malicious Package

Overview pixel-bloom is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.2 views

Malicious Package

Overview tailwind-morph is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.2 views

Malicious Package

Overview tailwindcss-setflexgrid is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

9.8CVSS7.2AI score
Exploits0References3
Rows per page
Query Builder