Lucene search
K

4185 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in load-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac Package name resembles the Nuxt ecosystem's helper naming 'load-nuxt' and is published at version 99.0.3, a version-number shape frequently used in...

6.2AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-6894 Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in tailstyle-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1031106331d6d541cce2f0fab7f60d64f96e8cd7bbe718407fd42ad8ea21e4a No suspicious behaviors were observed in this package version. There are no lifecycle scripts performing remote fetches, no obfuscated payloads, no...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
CVE
CVE
added 2026/07/01 5:48 p.m.23 views

CVE-2026-50160

Hoppscotch self-hosted deployments (Hoppscotch-backend

10CVSS6.1AI score0.0059EPSS
Exploits1References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.4 views

Malicious code in agent-starter-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a6a3e60c2dc67c55d728aaefbc972de29f46bdbfe7f013b3b6cde05907c2397 Package [email protected] was scanned with no a static rule matches and no behavioral findings. No lifecycle scripts, network destinations,...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:10 p.m.5 views

Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/30 9:10 a.m.12 views

CVE-2026-12076

Vulnerability summary (CVE-2026-12076): Raytha CMS is affected by a SQL Injection in the OData filter parsing pipeline. The flaw allows a remote, unauthenticated attacker to execute arbitrary SQL against a PostgreSQL database, potentially leading to full database compromise and credential extract...

9.3CVSS5.9AI score0.00431EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 6:19 a.m.7 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51653

Name of the Vulnerable Software and Affected Versions Hoppscotch affected versions not specified Description Four independent weaknesses allow an unauthenticated request to lead to full server compromise. Recommendations At the moment, there is no information about a newer version that contains a...

10CVSS5.9AI score0.0059EPSS
Exploits1References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 3:18 p.m.8 views

Malicious code in parket-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31d62a38af75a45a91e590e0cffe4f58e900fe726b4323af1e481118d146277c index.js imports childprocess and invokes execSync with bash and zsh shells lines 315 and 331. Without traced reachability, it is not established...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/17 9:16 p.m.13 views

CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS0.0013EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 8:33 p.m.21 views

CVE-2026-48821

Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...

5.8CVSS5.3AI score0.0013EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:11 a.m.7 views

Malicious code in @mastra/github-signals (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e263abbd9ed9975f3f8aaecfd1a780616bc3aef00238ed9ba9075b5bf4e38f37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.7 views

Malicious code in @mastra/voice-google-gemini-live (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7292d326aee198d9a062ea2ac2675a0c48058faacb97aee1b862c8605b9a0658 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.7 views

Malicious code in @mastra/google-cloud-pubsub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bd3f8519d6016a066d4268dae0e9c0d20ca87350cc759832b6053128a5b8d8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.6 views

Malicious code in @mastra/blaxel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cecc2be49f20a0d56a77e30e6da0ad8716ecc2fe9410e6b83a93fbce2db5c66 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.5 views

Malicious code in @mastra/chroma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18696e99554013ec1bb0d7a66c97f48ee65edc6cc6f8f2d4f6c9e26d88268fe The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.8 views

Malicious code in @mastra/auth-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05fc4efe1a6db0606009fd2ff413d54c78874eec38e20ca1a3dbb3ee053fc734 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:55 a.m.9 views

MAL-2026-6028 Malicious code in @mastra/memory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f78b0ff07c91489b166d3ba2d6d7405f35c26a8ba156d4f920d5595c3d0f67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Rows per page
Query Builder