Lucene search
K

9114 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added last week6 views

Malicious code in @node-cloud/create (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e66147a84e0fc5236544fe38349b5a8cd03c3988695c485bd0e7c270dffd2cb2 index.js unconditionally requires @sql-trigger/nodesql at the top of the main file var ins = require'@sql-trigger/nodesql'; but never references the...

6AI score
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.6 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.6 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 4:57 p.m.5 views

USN-8492-1 linux, linux-aws, linux-aws-fips, linux-gcp, linux-gcp-fips, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-realtime, linux-realtime-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
Cvelist
Cvelist
added 2026/07/01 2:41 p.m.33 views

CVE-2026-58127 PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS0.00985EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 7:13 p.m.7 views

EUVD-2026-40381

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS6AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 2:10 p.m.8 views

MAL-2026-6677 Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:10 p.m.6 views

Malicious code in terminal-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7e821d2559361693f75e32b42a5e7a0eef5d99c723d0e35b06f12fd91e9600 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53949

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Authenticated attackers can execute arbitrary OS commands and read sensitive files, including credentials. This can lead to complete system compromise and lateral movement within the...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @digitalpharmacist/http-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.8 views

Malicious code in @deel-core/client-payroll-onboarding-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3dfba47c3f4cac91620ccf85b9ffb1923927bd4489f5a4710c89e1d693ac2e61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.10 views

Malicious code in @bscom/styling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b4a6eb2b93e7ac0b6e45f2cc44f23127ef61b7d605b6c64f6bcbc58bdbe4543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @concerns/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b727ee2cbb3fadb59ee0ec7febb6db24f25e775ee3957c6765800a61de44289f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.11 views

Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @e50/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10a4c9b9b6682e1c953dc27df1a9f353955b087e65f242c7d03a20f32341dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.8 views

Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.8 views

Malicious code in @live-backstage-im/communication-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad217e6f53767b755ad267a2052b4bc35add8ba6cdb6532dfec034c83e3d3426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:48 p.m.7 views

Malicious code in @anna-money/anna-web-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51ad1206f707247b245f3a828c780fbe27239f1fa15c8a90782617144669af5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in wac-atl-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 134ebb06205351f90ad8f5b88029b397861c8fd42c9377b993efea372edfa0f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:33 p.m.8 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References5
Rows per page
Query Builder