Lucene search
K

30 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 9:38 p.m.13 views

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.8AI score
Exploits0References14
OSV
OSV
added 2026/06/13 9:38 p.m.11 views

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.9AI score
Exploits0References14
OSV
OSV
added 2026/06/13 7:7 a.m.7 views

MAL-2026-5730 Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/10 6:44 p.m.10 views

MAL-2026-5527 Malicious code in check-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...

6.2AI score
Exploits0References6
CVE
CVE
added 2026/06/01 9:37 a.m.16 views

CVE-2026-25600

The CVE describes a local-privilege escalation in the PDBM application caused by a hard-coded secret embedded in PDBM.exe that is reused by encryption routines to decrypt credentials in the configuration file. Because the secret is constant across installations, an attacker with sufficient local ...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 6:21 a.m.16 views

Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 1:2 p.m.14 views

Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 4:50 p.m.11 views

Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/22 4:50 p.m.8 views

MAL-2026-4646 Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 9:34 a.m.8 views

Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22894

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS5.9AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 8:15 p.m.5 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS0.00141EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 8:22 p.m.4 views

CVE-2017-20203

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

9.3CVSS7.8AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.5 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.6AI score0.00819EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.6 views

PT-2024-38167

Name of the Vulnerable Software and Affected Versions: eWeLink affected versions not specified Description: A local attacker can decrypt TLS communication and extract secrets to clone the device via flashing modified firmware due to a missing SSL pinning implementation. Recommendations: At the...

7CVSS5.8AI score0.00228EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.4 views

Ibermática RPS 2019 Log Information Disclosure Vulnerability

Ibermática RPS 2019 is an ERP software from Ibermática. Ibermática RPS 2019 suffers from a log message disclosure vulnerability that originates from an attacker being able to download a log file that contains a password hash encoded using the AES-CBC-128 bit algorithm, which can be decrypted usin...

8.2CVSS6.7AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2023/04/11 3:15 a.m.4 views

CVE-2023-28765

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform Promotion Management - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user,...

9.8CVSS6.7AI score0.14942EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.3 views

SUSE CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

5.9CVSS6.8AI score0.44398EPSS
Exploits0References17
Packet Storm
Packet Storm
added 2022/09/20 12:0 a.m.363 views

Blink1Control2 2.2.7 Weak Password Encryption

// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const...

7.5CVSS7.6AI score0.0414EPSS
Exploits5
OSV
OSV
added 2021/11/16 7:15 p.m.3 views

CVE-2021-26315

When the AMD Platform Security Processor PSP boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used...

7.8CVSS7.2AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder