Malicious Package

Overview @mlspace/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @cloudplatform-single-spa/advanced (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in express-security-policy (npm)

Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-2828 Malicious code in express-security-policy (npm)

Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious Package

Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview polyutil is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious code in telethon2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2f513e1bd0172cda035284efad9368870bc46158926c112ccd7fc881e6af75be Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

LACK OF deadline CHECK COULD PROMPT DELAYED EXECUTION OF swap OPERATION

Lines of code Vulnerability details Impact The RewardHandler.sellRewards function is used by governance and trusted sellers to sell reward tokens for collateral tokens. This function ensures that none of the collateral should be decreased after the swap by checking their respective balances befor...

SUSE CVE-2010-1447

The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...

Olympic Destroyer Wiper Changes Up Infection Routine

Olympic Destroyer, the wiper malware that briefly disrupted the Winter Olympic Games in South Korea earlier this year, appears to be back with a new first-stage dropper variant. It contains a few significant changes that indicate an evolution for the APT group behind it, according to researchers...

Maligno - Penetration Testing Tool that Serves Metasploit Payloads

Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission. Changelog: Metasploit multi-host support, socks4a server...

CVE-2010-1447

The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...