Lucene search
K

2016 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden222 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden224 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4b6da7762075dee890b0878af8420637eed76f394f658992c5e10454e09e1e2 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in ishowfeet2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33cbeb0130c1ef8842cc7d912f9d12b756efd200949266a3232a83cbfd2cdce4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in txs-builder-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55bb13d76ebc74c36f68dd219079500d0bdb60e4bc07f8089eefbcde91bbdeac The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6AI score
Exploits0References5
Cvelist
Cvelist
added last week37 views

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS0.00632EPSS
Exploits0References1
CVE
CVE
added last week16 views

CVE-2026-53481

Dell PowerProtect Data Domain is affected by a Path Traversal vulnerability (CVE-2026-53481) in versions 7.7.1.0–8.7, including LTS2026 (8.6.1.0–8.6.1.10), LTS2025 (8.3.1.0–8.3.1.30), and LTS2024 (7.13.1.0–7.13.1.70). An unauthenticated, remotely accessible attacker could exploit this to gain una...

9.8CVSS6AI score0.00632EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week19 views

CVE-2026-53483

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.19 views

PT-2026-56187

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56186

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

9.8CVSS6.1AI score0.00632EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 7:0 p.m.3 views

MAL-2026-6902 Malicious code in wime-zle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.6 views

Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.7 views

Malicious code in stacknova (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eea780e4546d725f38c35c635625e60354e7f48a79c1fcbe76f87e2498d9ce4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.7 views

Malicious code in metrica-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a0ee3435b3bf0949e63f6770b91c6bb1e2d7912054dc1cb9382e3eae20c84ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.6 views

Malicious code in eth-tick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.6 views

MAL-2026-6822 Malicious code in fastnodemailer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.9 views

Malicious code in zredis-typed (npm)

zredis-typed is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.2AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.3 views

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder