Lucene search
+L

7788 matches found

ossf
ossf
added 2026/07/01 6:35 p.m.7 views

Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References8
osv
osv
added 2026/07/01 6:35 p.m.8 views

MAL-2026-6707 Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References8
ossf
ossf
added 2026/06/27 7:12 p.m.14 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/27 7:12 p.m.13 views

MAL-2026-6548 Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
nvd
nvd
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54833

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39677

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS5.8AI score0.00236EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:52 p.m.20 views

CVE-2026-54833

CVE-2026-54833 concerns the WordPress Enable CORS plugin

7.4CVSS5.8AI score0.00236EPSS
Exploits0References1
osv
osv
added 2026/06/26 2:16 p.m.8 views

MAL-2026-6524 Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
ossf
ossf
added 2026/06/26 10:50 a.m.9 views

Malicious code in inlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

6AI score
Exploits0References3
osv
osv
added 2026/06/26 10:50 a.m.6 views

MAL-2026-6516 Malicious code in inlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

6AI score
Exploits0References3
thn
thn
added 2026/06/26 7:15 a.m.13 views

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the...

8.8CVSS7.4AI score0.80906EPSS
Exploits35
ossf
ossf
added 2026/06/25 8:40 p.m.8 views

Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/25 8:40 p.m.10 views

MAL-2026-6474 Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/25 5:29 a.m.8 views

Malicious code in tokenization-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...

6.1AI score
Exploits0References4
cvelist
cvelist
added 2026/06/24 6:0 a.m.37 views

CVE-2026-10735 ShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update Server

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...

0.00387EPSS
Exploits1References1
ossf
ossf
added 2026/06/23 3:24 p.m.8 views

Malicious code in hashd-edu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...

6.1AI score
Exploits0References6
osv
osv
added 2026/06/23 3:24 p.m.5 views

MAL-2026-6302 Malicious code in hashd-edu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...

6.1AI score
Exploits0References6
osv
osv
added 2026/06/23 6:19 a.m.7 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
osv
osv
added 2026/06/22 12:0 p.m.13 views

MAL-2026-6279 Malicious code in forge-jsx4 (npm)

forge-jsx4 is a remote access trojan RAT published to the public npm registry by the account rafaelsilva [email protected]. Versions 1.0.122 and 1.0.123 were published on June 21-22, 2026 as a reconstitution of the forge-jsx / forge-jsxy campaign, reusing the same command-and-control...

6.1AI score
Exploits0References3
Rows per page
Query Builder