Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

302047 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:44 p.m.15 views

Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
OSV
OSVadded 2026/06/09 5:44 p.m.9 views

MAL-2026-5444 Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:44 p.m.9 views

Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:41 p.m.7 views

Malicious code in @nstrlabs/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:40 p.m.6 views

MAL-2026-5416 Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:40 p.m.8 views

Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:39 p.m.10 views

MAL-2026-5420 Malicious code in @nstrlabs/ixel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b10f7a8ca25ac33a6d1e94038d1dbfd68d113d9ab7d7a428d97417b3409c7d On npm install, the package runs node index.js via a preinstall lifecycle hook declared as "preinstall": "node index.js || true" so failures are...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:39 p.m.6 views

MAL-2026-5421 Malicious code in @nstrlabs/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0b1375de7b44594cd3760efb91cb94c8c8b7137322f4597114e314ce5e14e45 On npm install, package.json runs preinstall: node index.js || true, unconditionally executing index.js. The script collects host identity fields...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:38 p.m.7 views

MAL-2026-5419 Malicious code in @nstrlabs/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:37 p.m.8 views

MAL-2026-5412 Malicious code in @klapp-kyc/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca32e3aa7685d93e36eca726e08096bd0c5ba425172ef254fdf769cc09b46887 On npm install, the package's preinstall hook executes node index.js, which collects the installer's hostname, OS username, current working directory...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:37 p.m.7 views

Malicious code in @klapp-kyc/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca32e3aa7685d93e36eca726e08096bd0c5ba425172ef254fdf769cc09b46887 On npm install, the package's preinstall hook executes node index.js, which collects the installer's hostname, OS username, current working directory...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:35 p.m.6 views

Malicious code in @card-pci-data/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a82d7b7e7588c4b773e2948eb1707e62f2fcece2bec37a23eda5d5058eae871 On npm install, the package's preinstall hook scripts.preinstall: node index.js || true runs index.js which collects host identity — os.hostname,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:35 p.m.6 views

Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

5.4AI score
Exploits0References3
OSV
OSVadded 2026/06/09 5:35 p.m.8 views

MAL-2026-5411 Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:35 p.m.8 views

Malicious code in @klapp-login-platform/native-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3bc8633d15b44abc90074d3362fd9399f53d10a88e24264caee9d924a72bb6 On npm install, the package's preinstall lifecycle hook runs node index.js, which collects installer-side identifiers — os.hostname,...

5.5AI score
Exploits0References2
Microsoft Secure
Microsoft Secureadded 2026/06/09 5:35 p.m.23 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.5AI score
Exploits0
OSV
OSVadded 2026/06/09 5:35 p.m.7 views

MAL-2026-5415 Malicious code in @klapp-login-platform/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffe05a6af27bd4b583c0284a40129eb63f4dcb4a6197e74195a8bb85bf71d1e7 On npm install, the package's preinstall lifecycle hook executes index.js, which collects the installer's hostname, username, package install path...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:34 p.m.4 views

Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

5.6AI score
Exploits0References3
OSV
OSVadded 2026/06/09 5:34 p.m.6 views

MAL-2026-5449 Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

5.6AI score
Exploits0References3
Cvelist
Cvelistadded 2026/06/09 5:34 p.m.35 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
Rows per page
Query Builder