Lucene search
K

412 matches found

EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 3:6 a.m.4 views

MAL-2026-6794 Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 11:3 a.m.9 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/28 11:3 a.m.6 views

MAL-2026-6558 Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/27 8:52 p.m.11 views

MAL-2026-6549 Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/20 7:24 p.m.10 views

MAL-2026-6246 Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6.1AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 7:24 p.m.12 views

Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 7:8 p.m.16 views

Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/20 7:8 p.m.10 views

MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 6:47 p.m.11 views

Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
OSV
OSV
added 2026/06/20 6:47 p.m.8 views

MAL-2026-6245 Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 9:32 p.m.13 views

Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/17 9:32 p.m.19 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:50 p.m.13 views

Malicious code in sam-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...

5.4AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:23 p.m.13 views

Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/11 9:23 p.m.12 views

MAL-2026-5679 Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/09 3:16 p.m.10 views

MAL-2026-5342 Malicious code in kecak256 (npm)

kecak256 is a typosquat of the popular keccak256 package one c dropped that ships a credential-stealing payload executed automatically on install. The package spoofs the legitimate keccak256 project — author "Miguel Mota", matching description, README, and keywords — and includes a benign decoy...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:20 p.m.16 views

Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68238d06ff6ba3548296464666c6d1390341e99d19ee053f7b36170a5e266d71 No suspicious behaviors were observed in this package version. No install-time network activity, no credential or environment scraping, no obfuscated...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/08 7:20 p.m.11 views

MAL-2026-5333 Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68238d06ff6ba3548296464666c6d1390341e99d19ee053f7b36170a5e266d71 No suspicious behaviors were observed in this package version. No install-time network activity, no credential or environment scraping, no obfuscated...

6.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS5AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder