Lucene search
K

1121 matches found

Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 12:24 p.m.9 views

Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...

6AI score
Exploits0References6
OSV
OSV
added 2026/07/04 12:24 p.m.6 views

MAL-2026-6754 Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...

6.1AI score
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/29 5:36 a.m.62 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 11:5 a.m.6 views

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...

6.5AI score
Exploits0
OSV
OSV
added 2026/06/25 6:43 p.m.10 views

MAL-2026-6472 Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 2:53 a.m.11 views

MAL-2026-5557 Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:53 a.m.14 views

Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score
Exploits0References2
CVE
CVE
added 2026/06/09 11:47 p.m.25 views

CVE-2026-46543

CVE-2026-46543 (Nimiq blockchain) affects the Rust implementation

5.3CVSS5.5AI score0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.9 views

CVE-2026-46543 nimiq-blockchain: Genesis batch set request

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS5.5AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:45 p.m.11 views

EUVD-2026-35882

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:45 p.m.35 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:45 p.m.9 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:45 p.m.21 views

CVE-2026-46540

Nimiq light-blockchain (Rust, Albatross) had a bug in LightBlockchain::rebranch() before v1.4.0: when forking to a macro-block tip (checkpoint or election), it updated only head and did not refresh macro_head, election_head, current_validators, or store the election header. This mismatch with the...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 7:53 a.m.11 views

Malicious code in blockchain-helper-0 (npm)

Note: This report is updated by a verification record Crypto/SSH/wallet stealer self-labeled "CRYPTO STEALER". postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/09 7:53 a.m.9 views

MAL-2026-5352 Malicious code in blockchain-helper-0 (npm)

Note: This report is updated by a verification record Crypto/SSH/wallet stealer self-labeled "CRYPTO STEALER". postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot...

6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34066

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References1
Rows per page
Query Builder