808479 matches found
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the...
Exploit for CVE-2026-52614
CVE-2026-52614 – RuoYi v4.8.3 filterKeyword bypass SQL injec...
CVE-2026-15668
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
Exploit for CVE-2023-38646
cd /metabase-poc cat README.md -p 4444 -P 8000 -u http://loc...
EUVD-2026-43619
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
CVE-2026-15668
The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...
CVE-2026-15668
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
Malicious code in lusha-iam-widgets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46142505b88a255674663ced6e8bce8c8f3e28c0936e463e07463a7e1331e5af package.json declares the node-fetch dependency pinned to a tarball URL on registry.ctzbg.com, a host unrelated to the npm registry and unrelated to...
MAL-2026-10533 Malicious code in lusha-iam-widgets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46142505b88a255674663ced6e8bce8c8f3e28c0936e463e07463a7e1331e5af package.json declares the node-fetch dependency pinned to a tarball URL on registry.ctzbg.com, a host unrelated to the npm registry and unrelated to...
Malicious code in n8n-nodes-social-facebook (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ff182b11223b46877e54226944a8ba245ad486dd9dfd1027810a42f9c9e06a1 This n8n community node advertises Facebook automation and instructs the operator to paste a full Facebook session JSON captured via a Chrome extensi...
MAL-2026-10536 Malicious code in n8n-nodes-social-facebook (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ff182b11223b46877e54226944a8ba245ad486dd9dfd1027810a42f9c9e06a1 This n8n community node advertises Facebook automation and instructs the operator to paste a full Facebook session JSON captured via a Chrome extensi...
Malicious code in proxy-seller-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201 Package is published as proxy-seller-mcp with author: "Proxy-Seller" in package.json and a README directing users to obtain an API key at...
MAL-2026-10541 Malicious code in proxy-seller-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201 Package is published as proxy-seller-mcp with author: "Proxy-Seller" in package.json and a README directing users to obtain an API key at...
Malicious code in skrill-payments (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e517423e768b0086d0579e460801e0b14cb6e6751a810b23bd9f41954d92779 Package impersonates a Paysafe/Skrill payments SDK name 'skrill-payments', class PaysafeClient, spoofed 'github.com/paysafe/skrill-payments' reposito...
MAL-2026-10543 Malicious code in skrill-payments (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e517423e768b0086d0579e460801e0b14cb6e6751a810b23bd9f41954d92779 Package impersonates a Paysafe/Skrill payments SDK name 'skrill-payments', class PaysafeClient, spoofed 'github.com/paysafe/skrill-payments' reposito...
Malicious code in neteller (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...
MAL-2026-10538 Malicious code in neteller (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...
Malicious code in postcss-animatecss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfcae16a606f0b7eccb6cd94c1d1d0b583b19021bb15d04161f3ca8855aba61 The exported PostCSS plugin factory in [email protected] contains an obfuscator.io-obfuscated payload that executes on every consumer build...
MAL-2026-10539 Malicious code in postcss-animatecss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfcae16a606f0b7eccb6cd94c1d1d0b583b19021bb15d04161f3ca8855aba61 The exported PostCSS plugin factory in [email protected] contains an obfuscator.io-obfuscated payload that executes on every consumer build...