Lucene search
K

27 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:44 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...

5.3CVSS6.6AI score0.00431EPSS
Exploits1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:44 a.m.2 views

Malicious code in donut-notthedevs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49baf6523329832c4696b711cbaab5fad85e5c152f15849e4da1c323535a28ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:44 a.m.1 views

EUVD-2025-77064

Malicious code in donut-notthedevs npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/11 7:44 a.m.2 views

MAL-2025-101735 Malicious code in donut-notthedevs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49baf6523329832c4696b711cbaab5fad85e5c152f15849e4da1c323535a28ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/11/05 9:27 a.m.3 views

CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS4.8AI score0.00227EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-5596

Malware in sbrugna...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/23 7:11 p.m.7 views

Malicious code in vis-donut-chart (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/07/23 7:11 p.m.1 views

MAL-2025-6324 Malicious code in vis-donut-chart (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
OSV
OSV
added 2025/07/11 12:30 p.m.1 views

GHSA-37MW-44QP-F5JM Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

5.3CVSS6.7AI score0.00431EPSS
Exploits1References5
Snyk
Snyk
added 2025/04/25 1:14 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the token2json function in the processingdonut module. An attacker can cause high CPU usage and potential...

6.9CVSS6.9AI score0.00431EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/07/16 9:0 a.m.39 views

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...

9.8CVSS9AI score0.99938EPSS
Exploits62
The Hacker News
The Hacker News
added 2024/07/03 3:56 a.m.50 views

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, "leverage target-specific infrastructure and custom WordPress websites as a payload...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/01/17 8:32 p.m.35 views

Whispers of Atlantida: Safeguarding Your Digital Treasure

Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded. Atlantida steals a wide range of login information ...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/16 7:13 a.m.63 views

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...

8.8CVSS7AI score0.88196EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/06/10 12:4 p.m.4 views

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory...

7.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/11/07 5:39 a.m.10 views

amsterdamdonutcoalitie.nl Cross Site Scripting vulnerability OBB-3040800

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Kitploit
Kitploit
added 2022/07/18 12:30 p.m.48 views

Koh - The Token Stealer

Koh is a C and Beacon Object File BOF toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project no license, as well as KB180548. For why this is possible and Koh's approeach, see t...

7AI score
Exploits0References10
Kitploit
Kitploit
added 2021/09/28 8:30 p.m.37 views

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...

7.6AI score
Exploits0References4
Kitploit
Kitploit
added 2021/08/13 9:30 p.m.67 views

Nimplant - A Cross-Platform Implant Written In Nim

Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, overtime Nimplant will become much more sophisticated...

7.8AI score
Exploits0References3
Kitploit
Kitploit
added 2019/11/07 8:43 p.m.146 views

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

8AI score
Exploits0References6
Rows per page
Query Builder