7 matches found
Malicious code in @antv/stat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
U.S. Dept Of Defense: Reflected XSS at ████████
A reflected cross-site scripting (XSS) vulnerability was discovered in the dochelper feature of a certain domain. An attacker could inject a crafted script into the userId parameter, which would execute when the victim user accessed the page, potentially allowing the attacker to steal the victim's...
Reddit: User Account has been taken out
By using BruteForce with random passwords, we have succeeded the account Impact Account can be taken out...
Script that gives hackers access to user accounts floods Facebook!
A widespread hack spread across Facebook early Thursday morning and shows no signs of abating as of yet. It comes in the form of a script that posts heavily profanity-laden wall posts continuously, instructing you that the only way to remove the posts is to click a 'Remove This App' link...
Email & Bank Account of DIRECTOR, Indian Ministry of Communications & IT Hacked by Zcompany Hacking Crew!
Last Night 24 March, 2011 we The Hacker News got an email from id of Amar Singh Meena, DIRECTOR TTEC, Ministry of Communications & IT. But this email was sent by a Hacker from his email id havi...