Lucene search
K

1241 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in sixseven9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1ed9c23f2c82d9e91d783110274aff10788de9e0e9a783964702ea26c7b1cc4 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ishowfeet9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 248f82bac5fecfd3cc8e27d3c4cc6f48f310aef9c069e64cc33a407cd79369bb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-11856

A flaw was found in curl. When libcurl performs a transfer to an HTTP origin using Digest authentication and then reuses the same connection handle for a subsequent transfer to a different origin, it may incorrectly send the authentication header intended for the first origin to the second. This...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 3:34 p.m.7 views

MAL-2026-6934 Malicious code in load-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac Package name resembles the Nuxt ecosystem's helper naming 'load-nuxt' and is published at version 99.0.3, a version-number shape frequently used in...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.6 views

MAL-2026-6937 Malicious code in nuxt-fonts-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.8 views

MAL-2026-6941 Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.9 views

Malicious code in some-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 1:59 p.m.5 views

MAL-2026-6922 Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

6.1AI score
Exploits0References22
OSV
OSV
added 2026/07/06 7:0 p.m.6 views

MAL-2026-6905 Malicious code in winston-prism (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:57 p.m.7 views

Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:56 p.m.7 views

Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:55 p.m.5 views

MAL-2026-6857 Malicious code in npm-doc-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.14 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS0.00543EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:14 a.m.52 views

CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

0.00543EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:14 a.m.9 views

EUVD-2026-41504

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6AI score0.00543EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:14 a.m.7 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:14 a.m.20 views

CVE-2026-8458

CVE-2026-8458 affects libcurl where, under Negotiate-authenticated requests, a logical error can cause a reused connection to be authenticated for a different service. This could allow a request to be served using credentials for another service, impacting integrity (high) and potentially exposin...

6.5CVSS6AI score0.00543EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/03 6:14 a.m.3 views

CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6.1AI score0.00543EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/01 1:45 p.m.7 views

EUVD-2026-40995

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder