Lucene search
K

79 matches found

CVE
CVE
added 2026/06/22 10:16 p.m.34 views

CVE-2026-54232

vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/22 6:0 p.m.11 views

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro...

7.5CVSS6.2AI score0.00387EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.9 views

Patcher: Post-Hoc Patching of Backdoored Large Language Models

Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical wh...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/31 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.18 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.19 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/20 5:29 p.m.18 views

MAL-2026-4773 Malicious code in vlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...

6.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/10 6:28 a.m.4 views

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.5 views

SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems

Skill-based agent systems tackle complex tasks by composing reusable skills, improving modularity and scalability while introducing a largely unexamined security attack surface. We propose SkillTrojan, a backdoor attack that targets skill implementations rather than model parameters or training...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

Your LLM Agent Can Leak Your Data: Data Exfiltration Via Backdoored Tool Use

Tool-use large language model LLM agents are increasingly deployed to support sensitive workflows, relying on tool calls for retrieval, external API access, and session memory management. While prior research has examined various threats, the risk of systematic data exfiltration by backdoored...

5.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/02/04 7:52 p.m.8 views

Notepad++ Users, You May Have Been Hacked by China

Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows...

5.5AI score
Exploits0
Rows per page
Query Builder