Lucene search
+L

48180 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago12 views

Malicious code in crypto-hasher (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5162012006c5d2576c6f93540445f10185d44acfb5cef39764f7a2b45c45d205 [email protected] impersonates the hash-wasm library. Its main entrypoint dist/index.umd.js injects code into the WASM Interface update method so...

6.5AI score
Exploits0References2
OSV
OSV
added 4 days ago8 views

MAL-2026-10659 Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago8 views

MAL-2026-10662 Malicious code in ssweb-wp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in sauruslord-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474b90ec19af5dbbc5bf3c8d27c0c4d079c7d980d6e3316dad3bbf5682abbe52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSV
OSV
added 4 days ago5 views

MAL-2026-10648 Malicious code in @hkyyy/portal-widget-helper-0601 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60319

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description The Accounts.onCreateUser function in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing user without verifying ownership or checking th...

9.2CVSS6.1AI score0.00302EPSS
Exploits0References5
OSV
OSV
added 5 days ago6 views

MAL-2026-10651 Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago12 views

Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00236EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00221EPSS
Exploits0References2
OSV
OSV
added 5 days ago5 views

MAL-2026-10598 Malicious code in monitoring-service-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fb0e7dea7e0302bc22488fbaf436dd36c0763f05ef494977822e8a1b7b3a1ab The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 5 days ago3 views

CVE-2026-15699 spencermountain compromise Public Root API extend.js nlp.extend prototype pollution

A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remot...

5.3CVSS6.2AI score0.00256EPSS
Exploits0References9
OSV
OSV
added 5 days ago4 views

MAL-2026-10595 Malicious code in nodemon-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c287effa0f498762ab73bfc0e4428b4d0afbc05435b1613459f9024d0b97927 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-15416

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS0.00281EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43648

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS6.2AI score0.00281EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago24 views

CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS0.00281EPSS
Exploits0References6
CVE
CVE
added 5 days ago26 views

CVE-2026-15416

Affected software/component: Argo CD repo-server (GitOps engine used by Red Hat OpenShift GitOps). The CVE-2026-15416 entry describes an unauthenticated attacker with network access who can achieve remote code execution on the Argo CD repo-server. Under certain conditions, this may allow the atta...

8.9CVSS6.2AI score0.00281EPSS
Exploits0References6
OSV
OSV
added 5 days ago4 views

CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS6.3AI score0.00284EPSS
Exploits0References10
Rows per page
Query Builder