Lucene search
K

19 matches found

Snyk
Snyk
added 2026/05/29 11:52 p.m.12 views

Malicious Package

Overview @t-in-one/applicationidstoragekeytoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/08 1:35 p.m.9 views

Malicious code in do-not-install-this-package-002 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

7.8AI score
Exploits0References1
EUVD
EUVD
added 2026/01/08 1:35 p.m.5 views

EUVD-2026-1619

Malicious code in do-not-install-this-package-002 PyPI...

6.6AI score
Exploits0References1
OSV
OSV
added 2026/01/08 1:35 p.m.3 views

MAL-2026-163 Malicious code in do-not-install-this-package-002 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

7.7AI score
Exploits0References1
OSV
OSV
added 2025/12/09 9:25 a.m.5 views

MAL-2025-192387 Malicious code in do-not-install-this-package-001 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27c17335ba5378258efc5d22274e8104e45a493eec51d60d0adbeb9c4f627714 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

7.5AI score
Exploits0References1
EUVD
EUVD
added 2025/12/09 9:25 a.m.3 views

EUVD-2025-201914

Malicious code in do-not-install-this-package-001 PyPI...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/10/07 2:39 a.m.2 views

Malicious Package

Overview orvlllcj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
OpenVAS
OpenVAS
added 2025/09/25 12:0 a.m.3 views

Do Not Install Python 2

The EOL for Python 2 was reached on January 1, 2020, and there will be no updates and maintenance. If you continue to use Python 2, the system attack surface may be expanded, and system vulnerabilities and attack risks may increase. Therefore, do not use Python 2. If Python is required, you are...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in malicious-do-not-install (npm)

The package malicious-do-not-install was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-25806 Malicious code in malicious-do-not-install (npm)

The package malicious-do-not-install was found to contain malicious code...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.3 views

Do Not Enable the LDAP Service

Lightweight Directory Access Protocol LDAP is a protocol that provides access control and is used to maintain distributed directory information. The LDAP service increases system resource usage and expands the attack surface. If the LDAP service is not required, do not install the LDAP service. T...

6.8AI score
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.2 views

Do Not Install Network Sniffing Tools

If network sniffing tools exist in the production environment, attackers may use them for network analysis and attacks. Therefore, in the production environment, do not install network sniffing, packet capturing, or analysis tools, such as tcpdump, Ethereal, and Wireshark. SPDX-FileCopyrightText:...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.5 views

Do Not Install the FTP Client

File Transfer Protocol FTP is used for file transfer between a Linux server and other servers, desktop systems, as well as terminal devices. FTP does not support encrypted transmission. As a result, data can be easily stolen by attackers during transmission. Therefore, do not install FTP clients ...

7AI score
Exploits0References4
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.5 views

Do Not Install the rsync Service

The rsync service can synchronize data between servers or between local drive partitions. However, information leakage risks exist because rsync uses non-encrypted transmission protocols. If the rsync service is enabled and data is transmitted between servers over the network, attackers can...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:44 p.m.1 views

Malicious code in do-not-install-ecb1029ca (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:44 p.m.3 views

MAL-2024-9587 Malicious code in do-not-install-ecb1029ca (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 6:19 p.m.2 views

Malicious code in @eb1a3227cdc3fedbaec2fe38bf6c044a/do-not-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdcabc89fbe9445cec97807348daae0666fd0917642c57162147d5df81333a88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2019/06/12 4:37 p.m.1 views

GHSA-GC94-6W89-HPQR Command Injection in fs-path

All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available...

5.9AI score
Exploits0References4
OSV
OSV
added 2019/05/31 11:46 p.m.2 views

GHSA-7JFH-2XC9-CCV7 Cross-Site Scripting in public

All versions of public are vulnerable to stored cross-site scripting XSS. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time...

5.8AI score
Exploits0References2
Rows per page
Query Builder