Lucene search
K

317 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in fastify-addone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b9e477cff478ab071039c18c3adb6577a07cc1d82687b9e7d7cd2594dc9ddf The package presents itself as fastify-plugin name fastify-addone, repository/homepage/bugs fields point at fastify/fastify-plugin and copies that...

6AI score
Exploits0References2
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in express-mongo-limit (npm)

The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...

6.2AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:9 a.m.11 views

Malicious code in date-uuid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58dffbe61370f78deed5bacbc8f6bc46a8a989f03da218643a41b52ed025fa6a Package advertised as a UUIDv7 helper, but on require/import it auto-invokes extractDateISO in bootstrap.js, which reads README.md from process.cwd,...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/29 4:9 a.m.7 views

MAL-2026-6566 Malicious code in date-uuid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58dffbe61370f78deed5bacbc8f6bc46a8a989f03da218643a41b52ed025fa6a Package advertised as a UUIDv7 helper, but on require/import it auto-invokes extractDateISO in bootstrap.js, which reads README.md from process.cwd,...

5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:19 p.m.11 views

Malicious code in db-query-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4928f7d380b79104d997e7666603726873158508c38d2c75a90c7529dd196be3 The package presents itself as a database query helper but index.js defines a method queryDBConnect that base64-decodes a hardcoded URL pointing to...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/26 12:23 p.m.2 views

SUSE-SU-2026:2655-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970...

6CVSS5.8AI score0.00188EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 4:16 p.m.7 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS0.00862EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/24 2:49 p.m.16 views

CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:58 a.m.11 views

Malicious code in rollup-runtime-polyfill-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90dc8536f81ef2ffbd391877bbe1eefbefc900081ef6eaa9848548177c233167 Package name mimics the legitimate rollup-plugin-polyfill-node and copies its source the repository field in package.json points to...

6.3AI score
Exploits0References4
OSV
OSV
added 2026/06/24 3:58 a.m.19 views

MAL-2026-6372 Malicious code in rollup-runtime-polyfill-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90dc8536f81ef2ffbd391877bbe1eefbefc900081ef6eaa9848548177c233167 Package name mimics the legitimate rollup-plugin-polyfill-node and copies its source the repository field in package.json points to...

6.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
OSV
OSV
added 2026/06/23 4:11 p.m.7 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 9:53 p.m.14 views

Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/22 9:53 p.m.9 views

MAL-2026-6273 Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/19 3:0 p.m.12 views

MAL-2026-6218 Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 2:13 p.m.11 views

Malicious code in new-ts-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ae4cecdfa22793382d07d28a25ba5fabd54ac405cb94e642a1f96faee80 index.js imports childprocess and at lines 101 and 117 invokes execSync to run bash and zsh commands. Lines 9, 194, and 195 use Buffer.from...,...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/19 9:44 a.m.4 views

SUSE-SU-2026:2464-1 Security update for python313

This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: oss-security CPython: Incomplete mitigati...

9.1CVSS6.3AI score0.00579EPSS
Exploits1References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:59 a.m.9 views

Malicious code in mjs-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...

6.4AI score
Exploits0References2
Rows per page
Query Builder