97 matches found
MAL-2026-5192 Malicious code in weavedb-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
CVE-2026-9053
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
CVE-2026-35366
A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...
Embedded Malicious Code
Overview mgc is a Module Generate Cli Affected versions of this package are vulnerable to Embedded Malicious Code. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this package. RAT Behavior The package...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...
SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk....
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group, recently reported on adversaries using Large Language Models LLMs to both conceal...
CVE-2005-1576
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files...
CVE-1999-0566
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities...
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly...
EUVD-2025-198358
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...
EUVD-2002-1818
Malware in sbrugna...
EUVD-2005-3473
Malware in sbrugna...
EUVD-1999-0098
Malware in sbrugna...
EUVD-2002-1854
Malware in sbrugna...
EUVD-2000-1125
Malware in sbrugna...
EUVD-2002-1414
Malware in sbrugna...
EUVD-2021-27992
Malicious code in bioql PyPI...
EUVD-2022-15856
Malicious code in bioql PyPI...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is c...