Lucene search
+L

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago11 views

Malicious code in chain-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb94ce743d92fe81015db70380ba325e78e4271b78689a9a6998cda4e6bdc038 chain-sdk-js is a typosquat of @thetalabs/theta-js package name, description, author 'Theta Labs', and bundle filenames thetajs.cjs.js/thetajs.umd.js...

6.2AI score
Exploits0References6
Cvelist
Cvelist
added 2026/03/27 12:25 a.m.30 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS0.00622EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.13 views

PT-2026-28514

Name of the Vulnerable Software and Affected Versions dd-trace-java versions 0.40.0 through prior to 1.60.2 Description dd-trace-java is a Datadog APM client for Java. The RMI instrumentation in affected versions registered a custom endpoint that deserialized incoming data without applying...

9.3CVSS6.6AI score0.00622EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.13 views

PT-2026-28180

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.26.1 Description The Java instrumentation for OpenTelemetry registers a custom endpoint that deserializes incoming data without applying serialization filters. An attacker with network...

9.3CVSS6.7AI score0.00933EPSS
Exploits1References13
Rows per page
Query Builder