Lucene search
K

408 matches found

OSV
OSV
added 2026/03/24 8:7 p.m.8 views

MAL-2026-2141 Malicious code in corexloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 02fc84ddadc717cbd2dc073832c3c9e438f82d2671927fa79be959fea7031304 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/24 8:7 p.m.10 views

MAL-2026-2140 Malicious code in coreloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d7c219be7c779fe573e80949a521df2a096e7358be92f99cee6a50dd252e09 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 8:7 p.m.8 views

Malicious code in coreloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d7c219be7c779fe573e80949a521df2a096e7358be92f99cee6a50dd252e09 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...

6AI score
Exploits0References1
HackRead
HackRead
added 2026/03/16 10:3 p.m.5 views

FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/16 5:15 p.m.7 views

Hacked sites deliver Vidar infostealer to Windows users

In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaig...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/09 6:31 p.m.8 views

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan RAT and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/04 6:31 p.m.2 views

EUVD-2026-9472

A vulnerability in the SAML 2.0 single sign-on SSO feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the SAML feature and access sensitive,...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-23030

A vulnerability in the SAML 2.0 single sign-on SSO feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the SAML feature and access sensitive,...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/28 8:25 p.m.9 views

Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
OSV
OSV
added 2026/02/28 8:25 p.m.6 views

MAL-2026-1091 Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
OSV
OSV
added 2026/02/28 8:22 p.m.6 views

MAL-2026-1090 Malicious code in isb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 93750cbddba7897fde1d31836971e11082ad2076012c7caf708980de45827840 Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
NVD
NVD
added 2026/02/10 4:16 a.m.7 views

CVE-2026-24328

SAP TAFAPPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.9 views

PT-2026-7227

Name of the Vulnerable Software and Affected Versions SAP affected versions not specified Description An unauthenticated attacker can create malicious links. Clicking these links by a victim redirects them to attacker-controlled sites, potentially exposing or altering sensitive information within...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/09 3:13 a.m.5 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

2.1CVSS5.3AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 3:23 p.m.4 views

MAL-2026-808 Malicious code in carcent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/06 3:23 p.m.10 views

Malicious code in carcent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/02/04 5:16 p.m.7 views

CVE-2026-20111

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

4.8CVSS6AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/15 4:32 p.m.2 views

CVE-2026-20075

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This...

4.8CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/01/15 4:32 p.m.28 views

CVE-2026-20047

Cisco ISE and ISE-PIC web management interfaces are affected by a cross-site scripting (XSS) vulnerability (CVE-2026-20047) due to insufficient validation of user-supplied input. An authenticated attacker with valid administrative credentials could inject malicious code into specific pages, allow...

4.8CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/15 4:32 p.m.17 views

CVE-2026-20076

Cisco Identity Services Engine (ISE) is affected by a stored XSS vulnerability in its web-based management interface. An authenticated administrator can inject malicious input on specific pages, potentially executing script code in the user’s browser or accessing sensitive information. The issue ...

4.8CVSS5.7AI score0.00238EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder