Lucene search
K

15 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:34 p.m.18 views

Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:34 p.m.11 views

MAL-2026-5450 Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/04 2:23 p.m.22 views

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...

9.9CVSS8AI score0.981EPSS
Exploits321
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.7 views

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

5.9AI score
Exploits0
OSV
OSV
added 2025/08/13 5:15 a.m.3 views

MAL-2025-191832 Malicious code in pycrackhash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3323afe460298d80a354497acdd641752c5fb6bce2dce3d7e7625d7a46f1d7c When using methods from the package, it downloads an obfuscated code from Github and puts it in multiple localisation. While it appears that this code is used ...

7.1AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.4 views

RAS-Eval: a Comprehensive Benchmark for Security Evaluation of LLM Agents in Real-World Environments

The rapid deployment of Large language model LLM agents in critical domains like healthcare and finance necessitates robust security frameworks. To address the absence of standardized evaluation benchmarks for these agents in dynamic environments, we introduce RAS-Eval, a comprehensive security...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/10/17 12:0 a.m.8 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the lack of mechanisms for encoding or shielding output data. This allows attackers to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing it through an...

9CVSS6AI score0.00475EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/11/22 5:15 p.m.7 views

CVE-2023-47315

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...

8.8CVSS7.3AI score0.00784EPSS
Exploits1References2
Code423n4
Code423n4
added 2023/04/24 12:0 a.m.12 views

Test manage-findings update with new cors

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.15 views

MuteBond is susceptible to DOS

Lines of code Vulnerability details Proof of Concept Observe that if timeToTokens is called with locktime = 1 week, amount 52, it will return 0. function timeToTokensuint256 amount, uint256 locktime internal pure returns uint256 uint256 weektime = 1 weeks; uint256 maxlock = 52 weeks;...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.13 views

Transfer of assets should come before deleting and burning the collateral id

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Clldata id is burnt and deleted before transfer Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.17 views

Some of user funds stuck in contract because of division rounding error in beforeWithdraw()

Lines of code Vulnerability details Impact Function beforeWithdraw has been used in withdraw of Vault contract to calculates withdraw amount of users but because of division rounding error in this funds some user's funds would stuck in contract. Proof of Concept This is beforeWithdraw code:...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/17 12:0 a.m.12 views

CHECK VALID ADDRESS for _auctionStarted

Lines of code%20internal%20virtual%20%7BL214 Vulnerability details Impact Should check for valid address before giving so it can revert if it isn't. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the...

7AI score
Exploits0
SonarSource Blog
SonarSource Blog
added 2022/02/24 12:0 a.m.26 views

Review your security vulnerabilities in GitHub with code scanning alerts

Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2016/01/28 12:0 a.m.11 views

iOS Kernel - AppleOscarCompass Use-After-Free

iOS Kernel - AppleOscarCompass Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

7.4AI score
Exploits0
Rows per page
Query Builder