Lucene search
K

1029 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43297

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score0.00447EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in prettier-plugin-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-4769

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS0.00447EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in imillegal4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e410fdca18f0aedc18130966449a52dce6ecc481c6d8c7b823764f09146d625 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in speed1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55f523969dc528b9e84ec2f5a875e316c09d97d41b25e28e66e0c3a218c453ce [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b60cb6a8169d535b5e52d5fa3cb7a1a16bf4f2d15f87d894a4111da9b74fedae The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in timmytuffknuckles9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342d7a44db99769023685647376a6042d5a9b345c281826484c9d88561f245ca Package is not a Node library — package.json declares main: sw.js, a browser Service Worker whose first line calls importScripts'./8cfc2/hgshm.js'...

6.2AI score
Exploits0References3
OSV
OSV
added yesterday2 views

MAL-2026-10361 Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in nodepack-daemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b976e6ab638a52663d25f360bffec6706dc82991ad27c552788a5a4d785ff89f The package presents itself as the popular pino logger README badges, file layout mirroring pino's lib/proto.js, lib/redaction.js, lib/transport.js,...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:12 p.m.10 views

MAL-2026-6948 Malicious code in runtimedev-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e049b6382f522be35ebc44b090d56723dacfc2fe15ffa05b345fe46f5aea392a The package presents itself as "Pure Node.js telemetry for RuntimeDev platform" but implements a full remote-access trojan. The runtimedev-link bin,...

6.3AI score
Exploits0References14
OSV
OSV
added 2026/07/07 3:34 p.m.6 views

MAL-2026-6936 Malicious code in nonexistent-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9393b3fc67ac5c169de7089d2f5100b5cb49af4e2b747b46726660bebc2bf66a No a static rule matches and no traced behavioral findings were produced for this package version. Nothing in the analyzed artifacts indicates...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.9 views

MAL-2026-6933 Malicious code in hook-augmenting-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbb17d535ecc8b30b2ab54a487691ec2e427f9dbc3c0e20acad414bb25f3203 Analysis of this package version produced no static or behavioral findings indicating installer-side harm. No exfiltration, install-time code fetch,...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:13 p.m.7 views

MAL-2026-6919 Malicious code in chai-chain-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1964693dd7c2bdd9ca7ae20eb441597571b1b78a689bd97648998c6442bda99 Package impersonates the pino logger exports module.exports.pino, README uses pino badge, keywords mimic pino but its actual behavior is a remote cod...

6.3AI score
Exploits0References4
EUVD
EUVD
added 2026/07/07 12:57 p.m.7 views

EUVD-2026-42036

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 6:59 p.m.6 views

MAL-2026-6899 Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 4:6 p.m.9 views

Malicious code in api-node-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ac5b00d553b256f998ea13be45b7f41a939f85e3c272bf24fd91ad6747c6266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 3:37 p.m.12 views

Malicious code in @jacobtan/decode-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/30 3:13 p.m.9 views

MAL-2026-6684 Malicious code in postcss-property-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acb8d62cdeb6a2c19937f3d02aa6214a23114e4dbc38373e6107c8345c3f1f9f [email protected] was scanned with no a static rule matches and no behavioral findings. No exfiltration, install-time fetch-and-execute,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @digitalpharmacist/http-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Rows per page
Query Builder