Lucene search
K

85161 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in nodemon-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04b5ac5c522b156a64f943a2d8e2dfd170230d0a23ac0bae5ada0945c7aee4c7 The package name nodemon-gulp impersonates the widely used nodemon package and collides with the legitimate gulp-nodemon. The tarball is a...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in chai-as-modified (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab841cd3ab01bfcd1257a214489b41f10e236779e236a0672642777160245a9e Package name is a 1-2 character variant of the widely-used chai-as-promised plugin. The exported function — the entry point users pass to chai.use...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in chain-chai-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53dc585524bcc3e64a107006ba8c763591b071bb174c7acadd716b6e99ac1c34 The package presents itself as a pino-compatible logger exports pino, mirrors pino's lib/ layout with...

6.7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/jupiter-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39a61b5c33c6e519d3754f8518272984d1bf3bc2045e4f288ad36ac837d0ecf0 @wagnibot/jupiter-sdk 1.2.0 impersonates the Jupiter Solana DEX SDK namespace but ships no SDK functionality. package.json wires both preinstall and...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/pumpfun-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3c060b019bf424240d1dbb396577a6b8a1e6079de951e5732f5027e767bab20 On npm install, postinstall.js recursively walks the user's home directory harvesting cryptocurrency wallet material Solana id.json, Ethereum...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/orca-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fcc40768d3a7cdf73ca8664e00519e42639493a81144d6310af862b91816273 @wagnibot/[email protected] ships a single file, postinstall.js, which is registered as the package main and as both the preinstall and postinstall...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/hyperliquid-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca6ec83c9621f8afc9616d49876cc451ca8d99397d99288889b81298eb410d7e The package is scoped and named to impersonate the Hyperliquid exchange SDK @wagnibot/hyperliquid-sdk but ships no SDK code — only a harvester in...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/binance-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecce8bb9640527041b349f2309b950c39c04ed3b3d4de2477c43acc7144eeabc The package advertises itself as a Binance SDK but ships only postinstall.js, which is wired to both preinstall and postinstall lifecycle hooks. On n...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/solana-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e15edf4a83ab4894a29882072554e493c1673695d5e6aaa734672ba6da084112 Package @wagnibot/solana-sdk impersonates a legitimate Solana SDK but contains no SDK functionality — main points at postinstall.js, which is a...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/meteora-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9ce73824df41724095566c21d7ff98309575f9fc77c330606559bf5d194ab5 The package ships a single file postinstall.js that is wired to run at both preinstall and postinstall and is also the package main, so require...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/ethereum-wallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181ac4262af395234755b7e5755de0eff6cf084cab58c95e4660d3b2a66c385b @wagnibot/[email protected] ships a single file postinstall.js that is wired to run automatically via both preinstall and postinstall npm lifecyc...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @wagni_bot/web3-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a07053ee42572578f0fbeab5c9c8551fd2937f1126bc9c71c37546dfdf19edd The package installs a postinstall.js payload wired to both preinstall and postinstall lifecycle hooks and to main, so it runs automatically on npm...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday8 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-8228: DRPolicy is not updated with the SC name after creating EC RBD pool and SC on a default replica3...

10CVSS7AI score0.01261EPSS
Exploits10References53
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1933 DESCRIPTION: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks,...

9.8CVSS6.9AI score0.12797EPSS
Exploits10Affected Software1
GithubExploit
GithubExploit
added yesterday30 views

vuln-chain-3-4-14-demo

vuln-chain-spring-boot — a Trivy "green but owned" demo An in...

5.9CVSS6AI score0.00385EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in mchain-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5249b7e6ec4cba8f4a3b2d332ec69069c1ca39eabec04a1372500ea25952280 package.json declares a postinstall hook node./src/core/index.js. That module immediately runs a top-level async IIFE that base64-decodes a URL store...

6AI score
Exploits0References2
GithubExploit
GithubExploit
added yesterday38 views

exploitarium

https://discord.gg/WytKH65ZR join up for research, help, documen...

9.2CVSS7.3AI score0.00732EPSS
Exploits11
The Hacker News
The Hacker News
added yesterday3 views

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon...

6AI score
Exploits0
Nuclei
Nuclei
added yesterday104 views

cgit < 1.2.1 - Directory Traversal

cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...

7.5CVSS7.1AI score0.93188EPSS
Exploits7References5
Chainguard
Chainguard
added yesterday4 views

CVE-2026-42505 vulnerabilities

Vulnerabilities for packages: regclient, kubernetes, kubevirt-cdi-operator-fips, consul, slsa-verifier, kaniko, crossplane-provider-aws-inspector, gatus-fips, crossplane-provider-aws-redshift-fips, crossplane-provider-aws-servicediscovery, cluster-proportional-autoscaler, xeol, cilium-certgen,...

5.3CVSS5.9AI score0.00419EPSS
Exploits0
Rows per page
Query Builder