Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 7:13 p.m.6 views

Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score
Exploits0References1
The Hacker News
The Hacker Newsadded 2025/12/18 7:43 a.m.12 views

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics formerly CJ Korea Express. "The threat actor leveraged QR codes...

7.8CVSS7.2AI score0.73233EPSS
Exploits4
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-26592

Malicious code in bioql PyPI...

7.8CVSS5.6AI score0.00042EPSS
Exploits0References2
OSV
OSVadded 2023/04/11 9:15 a.m.1 views

CVE-2023-22429

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...

7.8CVSS6.3AI score
Exploits0References2
Malwarebytes
Malwarebytesadded 2019/12/09 4:47 p.m.40 views

A week in security (December 2 – December 8)

Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into containerization. We also explored a report bringing bad news for organizations and insider threats, and threw a spotlight on a video game phish...

Exploits0
Hacker One
Hacker Oneadded 2015/10/15 8:38 p.m.31 views

Shopify: Arbitrary read on s3://shopify-delivery-app-storage/files

Short ==== An attacker is able to read arbitrary files from the delivery app storage if the bucket key is known to him. Vector ==== 1 The victim uploads a.png to a product his shop located at https://myhackeronestore.myshopify.com. 1a The file is stored at...

0.2AI score
Exploits0
Hacker One
Hacker Oneadded 2015/10/13 7:22 p.m.18 views

Shopify: Arbitrary write on s3://shopify-delivery-app-storage/files

Short ==== The policy used to upload files via the Delivery app is too generic which results in an arbitrary write and replace of files in the files/ directory. Disclaimer: While I was unable to create a second store to fully test this I can't create new development stores right now, support is...

0.1AI score
Exploits0
Rows per page
Query Builder