Lucene search
K

205 matches found

Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview boardpostingduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools fo...

8.6CVSS6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-40617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA...

7.5CVSS9.1AI score0.01634EPSS
Exploits0References2
OSV
OSV
added 2025/07/02 8:15 p.m.5 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

9.4CVSS6.6AI score0.01134EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/30 12:0 a.m.7 views

Intersections Hotspot Shield VPN 注入漏洞

Intersections Hotspot Shield VPN is a virtual private network VPN service product from Intersections, Inc. Intersections Hotspot Shield VPN suffers from an injection vulnerability that stems from an injection issue in the processing of the Host header, which could result in request redirection or...

2.3CVSS7.2AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.5 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.0052EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 2:31 p.m.6 views

CVE-2025-0993 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources...

7.5CVSS8.2AI score0.00484EPSS
Exploits0References5
CVE
CVE
added 2025/05/22 2:31 p.m.118 views

CVE-2025-0993

CVE-2025-0993 affects GitLab CE/EE, all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The issue can allow an authenticated attacker to cause a denial of service by exhausting server resources, with high availability impact. The provided documents do not include a concrete...

7.5CVSS7.1AI score0.00484EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2025/05/22 2:31 p.m.7 views

CVE-2025-0993

Removed by vendor...

7.5CVSS7.5AI score0.00484EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.10 views

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

4.3CVSS6.7AI score0.00615EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/22 4:49 a.m.6 views

Malicious code in concurrent-hashmap (npm)

This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...

6.8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.230 views

📄 SilverStripe 5.3.8 Cross Site Scripting

SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...

5.4CVSS6.2AI score0.01108EPSS
Exploits2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/30 4:14 p.m.5 views

Malicious code in hardhat-configs (npm)

This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98317ddb2bbad731c7576eb5f64b3a91f7e6f7bd135fa5ef05b7a2ad3da15992 Any computer that has this...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/01/30 4:14 p.m.5 views

MAL-2025-623 Malicious code in @nomicsfondation/hardhat-configs (npm)

This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72a47b5bdfeac96982433856ac791ab0638f2d6f64f388ceb2a284f35597c37a Any computer that has this...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/30 4:14 p.m.3 views

Malicious code in @nomicsfondation/hardhat-configs (npm)

This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72a47b5bdfeac96982433856ac791ab0638f2d6f64f388ceb2a284f35597c37a Any computer that has this...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2025/01/23 12:0 a.m.2 views

Fortinet FortiPortal SQL Injection Vulnerability (CNVD-2025-14318)

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a SQL injection vulnerability that stems from improper...

4.3CVSS7AI score0.00359EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/21 5:53 p.m.5 views

Malicious code in cschalk-next (npm)

This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91aaf0d72370eff4321359a559af7a578a16bb5aeefeedd6ec52ae25b8297a21 Any...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/21 5:53 p.m.6 views

Malicious code in achalk-next (npm)

This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b543eb1092108748ab3abd00741f5f1d0b181f326ba147792f883aed8d837697 Any...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/09 5:22 p.m.3 views

Malicious code in hardhat-dotenv (npm)

The package contains code to exfiltrate environment variables to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3339a5b064b412e57a50444acb2bd685d7e5e7684e6d9ceaa0f1c31ff1f97454 Any computer that has this package installed or running...

7.1AI score
Exploits0References1
Snyk
Snyk
added 2024/12/23 7:51 p.m.1 views

Malicious Package

Overview Cometlogger is a malicious package. This package steals sensitive information including tokens, browsing history, and passwords, which are sent to an server under the attacker's control. It uses VM-detection avoidance techniques and dynamic file modification at runtime. Remediation Avoid...

9.8CVSS6.7AI score
Exploits0References2
Snyk
Snyk
added 2024/12/23 7:48 p.m.3 views

Malicious Package

Overview zebo is a malicious package. This package steals information from the victim by logging keystrokes and taking screen captures, which are exfiltrated to a server under the attacker's control. Remediation Avoid using all malicious instances of the zebo package. References - Fortinet Report...

9.8CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder