85161 matches found
Malicious code in nodemon-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04b5ac5c522b156a64f943a2d8e2dfd170230d0a23ac0bae5ada0945c7aee4c7 The package name nodemon-gulp impersonates the widely used nodemon package and collides with the legitimate gulp-nodemon. The tarball is a...
Malicious code in chai-as-modified (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab841cd3ab01bfcd1257a214489b41f10e236779e236a0672642777160245a9e Package name is a 1-2 character variant of the widely-used chai-as-promised plugin. The exported function — the entry point users pass to chai.use...
Malicious code in chain-chai-await (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53dc585524bcc3e64a107006ba8c763591b071bb174c7acadd716b6e99ac1c34 The package presents itself as a pino-compatible logger exports pino, mirrors pino's lib/ layout with...
Malicious code in @wagni_bot/jupiter-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39a61b5c33c6e519d3754f8518272984d1bf3bc2045e4f288ad36ac837d0ecf0 @wagnibot/jupiter-sdk 1.2.0 impersonates the Jupiter Solana DEX SDK namespace but ships no SDK functionality. package.json wires both preinstall and...
Malicious code in @wagni_bot/pumpfun-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3c060b019bf424240d1dbb396577a6b8a1e6079de951e5732f5027e767bab20 On npm install, postinstall.js recursively walks the user's home directory harvesting cryptocurrency wallet material Solana id.json, Ethereum...
Malicious code in @wagni_bot/orca-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fcc40768d3a7cdf73ca8664e00519e42639493a81144d6310af862b91816273 @wagnibot/[email protected] ships a single file, postinstall.js, which is registered as the package main and as both the preinstall and postinstall...
Malicious code in @wagni_bot/hyperliquid-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca6ec83c9621f8afc9616d49876cc451ca8d99397d99288889b81298eb410d7e The package is scoped and named to impersonate the Hyperliquid exchange SDK @wagnibot/hyperliquid-sdk but ships no SDK code — only a harvester in...
Malicious code in @wagni_bot/binance-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecce8bb9640527041b349f2309b950c39c04ed3b3d4de2477c43acc7144eeabc The package advertises itself as a Binance SDK but ships only postinstall.js, which is wired to both preinstall and postinstall lifecycle hooks. On n...
Malicious code in @wagni_bot/solana-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e15edf4a83ab4894a29882072554e493c1673695d5e6aaa734672ba6da084112 Package @wagnibot/solana-sdk impersonates a legitimate Solana SDK but contains no SDK functionality — main points at postinstall.js, which is a...
Malicious code in @wagni_bot/meteora-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9ce73824df41724095566c21d7ff98309575f9fc77c330606559bf5d194ab5 The package ships a single file postinstall.js that is wired to run at both preinstall and postinstall and is also the package main, so require...
Malicious code in @wagni_bot/ethereum-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181ac4262af395234755b7e5755de0eff6cf084cab58c95e4660d3b2a66c385b @wagnibot/[email protected] ships a single file postinstall.js that is wired to run automatically via both preinstall and postinstall npm lifecyc...
Malicious code in @wagni_bot/web3-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a07053ee42572578f0fbeab5c9c8551fd2937f1126bc9c71c37546dfdf19edd The package installs a postinstall.js payload wired to both preinstall and postinstall lifecycle hooks and to main, so it runs automatically on npm...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.22.0 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-8228: DRPolicy is not updated with the SC name after creating EC RBD pool and SC on a default replica3...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1933 DESCRIPTION: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks,...
vuln-chain-3-4-14-demo
vuln-chain-spring-boot — a Trivy "green but owned" demo An in...
Malicious code in mchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5249b7e6ec4cba8f4a3b2d332ec69069c1ca39eabec04a1372500ea25952280 package.json declares a postinstall hook node./src/core/index.js. That module immediately runs a top-level async IIFE that base64-decodes a URL store...
exploitarium
https://discord.gg/WytKH65ZR join up for research, help, documen...
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon...
cgit < 1.2.1 - Directory Traversal
cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...
CVE-2026-42505 vulnerabilities
Vulnerabilities for packages: regclient, kubernetes, kubevirt-cdi-operator-fips, consul, slsa-verifier, kaniko, crossplane-provider-aws-inspector, gatus-fips, crossplane-provider-aws-redshift-fips, crossplane-provider-aws-servicediscovery, cluster-proportional-autoscaler, xeol, cilium-certgen,...