Lucene search
K

882 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago9 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3250a4b69ccce49128d2e75ffb9e577746de4fb3afe0e0d242fbe5d094d02d The package presents itself as a.env loader but on load/config spawns a background thread that, after a 72–96 hour activation delay jittered by...

6.2AI score
Exploits0References6
NVD
NVD
added 3 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42800

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
CVE
CVE
added 4 days ago8 views

CVE-2026-15291

The CVE-2026-15291 entry concerns the WordPress plugin Chat Help – Click to Chat Button & Form, vulnerable in all versions up to and including 3.1.3 due to missing authentication/authorization on REST endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. Unauthenticated atta...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
Fedora
Fedora
added 4 days ago6 views

[SECURITY] Fedora 43 Update: nmap-7.92-8.fc43

Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...

6.9CVSS6.6AI score0.00278EPSS
Exploits0
Fedora
Fedora
added 2026/07/03 12:56 a.m.11 views

[SECURITY] Fedora 44 Update: nmap-7.92-11.fc44

Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...

6.9CVSS6.6AI score0.00278EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 6:48 a.m.16 views

Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/19 6:48 a.m.14 views

MAL-2026-6196 Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:43 a.m.8 views

MAL-2026-5981 Malicious code in metrics-probe-64b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 7:30 a.m.21 views

Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/14 7:30 a.m.19 views

MAL-2026-5757 Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/13 9:4 p.m.14 views

MAL-2026-5747 Malicious code in @giftyhq/widget-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/13 7:19 a.m.24 views

MAL-2026-5739 Malicious code in sheratan_haha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...

5.4AI score
Exploits0References2
EUVD
EUVD
added 2026/06/11 6:38 p.m.10 views

EUVD-2026-36288

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48709

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.11 views

FortiSandbox Exposure Scanner

This Metasploit auxiliary scanner module performs passive exposure assessment of FortiSandbox deployments by identifying platform fingerprints, collecting publicly accessible version metadata, and evaluating API exposure levels without using exploit functionality. The module validates whether a...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/10 4:8 p.m.15 views

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...

5.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.14 views

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

6.1AI score
Exploits0References2
Rows per page
Query Builder