8 matches found

Snyk
added 2026/05/11 9:0 p.m. | 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
OSV
added 2024/10/24 6:15 p.m. | 0 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

5.9 CVSS | 5.8 AI score
Exploits: 0 | References: 1
NVD
added 2024/10/24 6:15 p.m. | 6 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

5.9 CVSS | 0.00107 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/24 5:23 p.m. | 11 views

CVE-2024-38314 IBM Maximo Application Suite - Monitor Component information disclosure

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

5.9 CVSS | 6.4 AI score | 0.00107 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2022/08/11 3:43 p.m. | 22 views

`rustdecimal` is a malicious crate

The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its...

0.6 AI score
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2020/09/03 7:42 p.m. | 10 views

GHSA-JCMH-9FVM-J39W Malicious Package in body-parse-xml

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation: Remove the package from your environment. There are no indications of further compromise...

9.8 CVSS | 6.9 AI score
Exploits: 0 | References: 1
Cvelist
added 2018/06/07 2:0 a.m. | 11 views

CVE-2017-16072

nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5 AI score | 0.00257 EPSS
Exploits: 0 | References: 1
FireEye
added 2016/03/23 8:0 a.m. | 163 views

99 Problems but Two-Factor Ain’t One

Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...

4.3 CVSS | 0.1 AI score | 0.00785 EPSS
Exploits: 0