269 matches found

OSSF Malicious Packages
added 2026/06/24 2:5 p.m., 9 views

Malicious code in signup-embedder (npm)

Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8 AI score
Exploits: 0, References: 3
OSV
added 2026/06/24 2:5 p.m., 9 views

MAL-2026-6396 Malicious code in signup-embedder (npm)

Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8 AI score
Exploits: 0, References: 3
Github Security Blog
added 2026/06/23 9:22 p.m., 8 views

jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

Summary: JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...

5.3 CVSS, 5.9 AI score, 0.00219 EPSS
Exploits: 0, References: 4, Affected Software: 2
NVD
added 2026/06/23 9:17 p.m., 8 views

CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...

5.3 CVSS, 0.00219 EPSS
Exploits: 0, References: 3
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in qtbase-opensource-src

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read issue due to a crafted reply from a DNS server...

5.3 CVSS, 5.9 AI score, 0.00805 EPSS
Exploits: 0, References: 2
OSV
added 2026/06/16 2:52 p.m., 6 views

MAL-2026-5891 Malicious code in atlassian-forge-skills (npm)

Source: amazon-inspector 0ca0f4b99cda621977551550ed678ad77ee82827714acb9d08534f53b0642e3c Package impersonates an internal Atlassian Forge dependency unscoped name atlassian-forge-skills, description 'Internal package', generic author...

5.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/10 6:22 p.m., 10 views

Malicious code in @orion-design-system/components (npm)

Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname() and os.userInfo().username and transmitting them via HTT...

5.4 AI score
Exploits: 0, References: 4
OSV
added 2026/06/09 5:45 p.m., 10 views

MAL-2026-5459 Malicious code in @dktunited/anly-tracker-v2 (npm)

Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6 scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...

5.5 AI score
Exploits: 0, References: 1
OSV
added 2026/06/09 5:44 p.m., 9 views

MAL-2026-5436 Malicious code in checkout-signer (npm)

Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3 AI score
Exploits: 0, References: 1
OSV
added 2026/06/09 5:44 p.m., 9 views

MAL-2026-5443 Malicious code in exodus-wallet-core (npm)

Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 5:44 p.m., 10 views

Malicious code in grateful-payments (npm)

Source: amazon-inspector 1a7a07a0a09ed8037058353b9b9b067e25e3cbe783eaab8d54276d490f823471 On npm install, the package's postinstall script src/canary.js performs a DNS lookup and HTTPS GET to the hardcoded host...

5.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 5:44 p.m., 15 views

Malicious code in exodus-ethereum-sdk (npm)

Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...

5.5 AI score
Exploits: 0, References: 1
OSV
added 2026/06/09 5:44 p.m., 8 views

MAL-2026-5440 Malicious code in exodus-ethereum-sdk (npm)

Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...

5.5 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/27 12:0 a.m., 15 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

7.5 CVSS, 7.5 AI score, 0.00813 EPSS
Exploits: 0, References: 16
OSV
added 2026/05/20 12:41 p.m., 9 views

USN-8283-1 rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.1...

8.1 CVSS, 5.9 AI score, 0.0078 EPSS
Exploits: 1, References: 9
GithubExploit
added 2026/05/15 8:29 a.m., 81 views

X-Omega-Hack

X-Omega-Hack v9.0 - all-in-one hacking tool for...

5.8 AI score
Exploits: 0
OSV
added 2026/05/09 12:33 p.m., 7 views

OESA-2026-2267 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

8.1 CVSS, 6 AI score, 0.00455 EPSS
Exploits: 0, References: 2
GithubExploit
added 2026/04/21 8:13 p.m., 87 views

vulnscanx_v2

⚡ VulnScanX Advanced Vulnerability Scanning & Penetration...

5.8 AI score
Exploits: 0
Positive Technologies
added 2026/04/21 12:0 a.m., 5 views

PT-2026-33979

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5 CVSS, 5.8 AI score, 0.00229 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/02/06 7:34 p.m., 7 views

CVE-2020-37119

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

9.8 CVSS, 6.3 AI score, 0.00607 EPSS
Exploits: 1, References: 1