Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/16 7:30 p.m.7 views

Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

5.4AI score
Exploits0References5
OSV
OSVadded 2026/06/13 9:38 p.m.10 views

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.9AI score
Exploits0References14
OSV
OSVadded 2026/06/11 1:12 p.m.8 views

MAL-2026-5642 Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 3:59 p.m.10 views

Malicious code in @sqlite-node/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6f2c4e3192b71fc68681fbb8c8216a5e581e9f2baaa13954172249a8ddf5b6 The package advertises itself as a SQLite toolkit but ships no SQLite functionality. Its main entry index.js is a single heavily obfuscated module...

5.8AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/26 2:42 p.m.15 views

Malicious code in @slipless/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd12d144d97dca69d9861a3a68bc2bfd138e3f3d5514eb70303c9b8e0c472e17 On npm install, scripts/postinstall.cjs fetches https://slipless.xyz/main.ps1 mutable URL, no hash or signature verification, writes it to the OS tem...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/06 9:20 a.m.7 views

Malicious code in totally-safe-util (npm)

Multiple suspicious behaviors: postinstall script, hex obfuscation, OS command execution to open a Rickroll, and attempt to hide execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d45a8a1395a8ff66e2ea74cacd9d8de0ebaa9e88e0170a6907b3e4861a2acc5 The packa...

6AI score
Exploits0References1
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.146 views

HTTPS Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...

5.5AI score
Exploits0
OSV
OSVadded 2026/01/16 9:32 p.m.4 views

MAL-2026-1036 Malicious code in uitil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0b75197d8e7cd361d61461260811fba8920c54b8538cb5f21ec2fc1c885ec3 The package implements an undocumented way to execute code hidden in image files, and a function that searches for images in the current directory and attempts...

6.1AI score
Exploits0References3
Rows per page
Query Builder