Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7546 matches found

OSV
OSVadded 2026/05/20 5:31 a.m.8 views

MAL-2026-4649 Malicious code in promptbook-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 4:42 a.m.9 views

Malicious code in @touchvue/chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0921a05dced95d8d0bb5d99de362f67e4e67832874fb0b4391629f5dfe6e926d The published tarball's chat components AiChat/Chat/useSSE.js and AiChat/ChatInput.vue2.js ship with hardcoded defaults that point the chat backend a...

5.7AI score
Exploits0References3
OSV
OSVadded 2026/05/20 4:42 a.m.8 views

MAL-2026-4459 Malicious code in @touchvue/chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0921a05dced95d8d0bb5d99de362f67e4e67832874fb0b4391629f5dfe6e926d The published tarball's chat components AiChat/Chat/useSSE.js and AiChat/ChatInput.vue2.js ship with hardcoded defaults that point the chat backend a...

5.7AI score
Exploits0References3
OSV
OSVadded 2026/05/20 3:37 a.m.4 views

MAL-2026-4608 Malicious code in mcp-server-iehub-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51 proxy.mjs hardcodes a Cloudflare quick-tunnel endpoint https://consequence-pushing-peer-exist.trycloudflare.com and uses fetch... POST... with...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/20 2:40 a.m.9 views

MAL-2026-4554 Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 2:36 a.m.10 views

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/20 2:36 a.m.5 views

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/20 2:28 a.m.4 views

MAL-2026-4394 Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 2:28 a.m.10 views

Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 2:14 a.m.8 views

Malicious code in wallet-agent-ai-radix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a953d7785091650f4f48e0b038e71ad79788102ffd652bff4bb0e8bf40ea21 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org reached via fetch with a POST body that includes values from...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/20 2:14 a.m.7 views

MAL-2026-4709 Malicious code in wallet-agent-ai-radix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a953d7785091650f4f48e0b038e71ad79788102ffd652bff4bb0e8bf40ea21 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org reached via fetch with a POST body that includes values from...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/20 1:31 a.m.5 views

MAL-2026-4505 Malicious code in carvus-lens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0 carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected...

6AI score
Exploits0References1
OSV
OSVadded 2026/05/20 1:0 a.m.5 views

MAL-2026-4532 Malicious code in code-tool-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 12:39 a.m.11 views

Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

5.9AI score
Exploits0References10
OSV
OSVadded 2026/05/20 12:39 a.m.6 views

MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

5.9AI score
Exploits0References10
Positive Technologies
Positive Technologiesadded 2026/05/20 12:0 a.m.13 views

PT-2026-42119

Name of the Vulnerable Software and Affected Versions FreePBX affected versions not specified Description Hardcoded credentials in the Userman module allow unauthenticated access to the portal, potentially exposing business phone systems. Recommendations Update the installed modules to the latest...

9.8CVSS5.8AI score0.00425EPSS
Exploits1References11
OSV
OSVadded 2026/05/19 11:53 p.m.5 views

MAL-2026-4602 Malicious code in lokal-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04df34ff182a72a46dc032016ed38e0caf7452ac3b8d382bb15221706c01a9e8 index.js contains a hardcoded URL https://rettfrabonden.com referenced alongside process.env reads and fetch POST calls index.js line 24 defines the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 11:51 p.m.6 views

Malicious code in tubebrain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/19 11:51 p.m.4 views

MAL-2026-4694 Malicious code in tubebrain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 11:30 p.m.8 views

Malicious code in @flowselections/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28cf238827c035b4f3103aff9bf803421b7d16d1c7877d7e74c5fcd71f3283b The package exports a supabase client and LoginPage component wired to a hardcoded Supabase URL https://vmicscahrnzpmhagztmx.supabase.co and anon key...

5.8AI score
Exploits0References2
Rows per page
Query Builder