Lucene search
K

808479 matches found

The Hacker News
The Hacker News
added 36 minutes ago1 views

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago5 views

Exploit for CVE-2026-52614

CVE-2026-52614 – RuoYi v4.8.3 filterKeyword bypass SQL injec...

6.2AI score
Exploits0
NVD
NVD
added 2 hours ago5 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS
Exploits0References6
GithubExploit
GithubExploit
added 3 hours ago24 views

Exploit for CVE-2023-38646

cd /metabase-poc cat README.md -p 4444 -P 8000 -u http://loc...

9.8CVSS7.2AI score0.97924EPSS
Exploits37
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43619

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 3 hours ago11 views

CVE-2026-15668

The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...

6.5CVSS6.2AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 hours ago5 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS5.7AI score
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 hours ago10 views

CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago5 views

Malicious code in lusha-iam-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46142505b88a255674663ced6e8bce8c8f3e28c0936e463e07463a7e1331e5af package.json declares the node-fetch dependency pinned to a tarball URL on registry.ctzbg.com, a host unrelated to the npm registry and unrelated to...

6.1AI score
Exploits0References1
OSV
OSV
added 3 hours ago1 views

MAL-2026-10533 Malicious code in lusha-iam-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46142505b88a255674663ced6e8bce8c8f3e28c0936e463e07463a7e1331e5af package.json declares the node-fetch dependency pinned to a tarball URL on registry.ctzbg.com, a host unrelated to the npm registry and unrelated to...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago6 views

Malicious code in n8n-nodes-social-facebook (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ff182b11223b46877e54226944a8ba245ad486dd9dfd1027810a42f9c9e06a1 This n8n community node advertises Facebook automation and instructs the operator to paste a full Facebook session JSON captured via a Chrome extensi...

6.1AI score
Exploits0References1
OSV
OSV
added 3 hours ago0 views

MAL-2026-10536 Malicious code in n8n-nodes-social-facebook (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ff182b11223b46877e54226944a8ba245ad486dd9dfd1027810a42f9c9e06a1 This n8n community node advertises Facebook automation and instructs the operator to paste a full Facebook session JSON captured via a Chrome extensi...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in proxy-seller-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201 Package is published as proxy-seller-mcp with author: "Proxy-Seller" in package.json and a README directing users to obtain an API key at...

6.1AI score
Exploits0References1
OSV
OSV
added 3 hours ago0 views

MAL-2026-10541 Malicious code in proxy-seller-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201 Package is published as proxy-seller-mcp with author: "Proxy-Seller" in package.json and a README directing users to obtain an API key at...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago5 views

Malicious code in skrill-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e517423e768b0086d0579e460801e0b14cb6e6751a810b23bd9f41954d92779 Package impersonates a Paysafe/Skrill payments SDK name 'skrill-payments', class PaysafeClient, spoofed 'github.com/paysafe/skrill-payments' reposito...

6.2AI score
Exploits0References1
OSV
OSV
added 4 hours ago1 views

MAL-2026-10543 Malicious code in skrill-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e517423e768b0086d0579e460801e0b14cb6e6751a810b23bd9f41954d92779 Package impersonates a Paysafe/Skrill payments SDK name 'skrill-payments', class PaysafeClient, spoofed 'github.com/paysafe/skrill-payments' reposito...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago5 views

Malicious code in neteller (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...

6.2AI score
Exploits0References1
OSV
OSV
added 4 hours ago1 views

MAL-2026-10538 Malicious code in neteller (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago4 views

Malicious code in postcss-animatecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfcae16a606f0b7eccb6cd94c1d1d0b583b19021bb15d04161f3ca8855aba61 The exported PostCSS plugin factory in [email protected] contains an obfuscator.io-obfuscated payload that executes on every consumer build...

6.5AI score
Exploits0References2
OSV
OSV
added 4 hours ago1 views

MAL-2026-10539 Malicious code in postcss-animatecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfcae16a606f0b7eccb6cd94c1d1d0b583b19021bb15d04161f3ca8855aba61 The exported PostCSS plugin factory in [email protected] contains an obfuscator.io-obfuscated payload that executes on every consumer build...

6.5AI score
Exploits0References2
Rows per page
Query Builder