Lucene search
+L

281 matches found

metasploit
metasploit
added last week20 views

FTP Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an FTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socket...

6.2AI score
Exploits0
osv
osv
added 2026/06/04 10:27 p.m.13 views

MAL-2026-5190 Malicious code in hbsig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96b3a65aade5ea74ab5761d7ad3a332834594752f34fdb69a095efe59a681c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.1AI score
Exploits0References3
nvd
nvd
added 2026/06/03 7:16 p.m.15 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

7.5CVSS0.00374EPSS
Exploits0References1
cve
cve
added 2026/06/03 6:11 p.m.14 views

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2026/06/02 9:0 p.m.22 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/06/02 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/06/02 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0088

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00079EPSS
Exploits0References2Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

The fullscreen notification is prematurely hidden when the user quickly requests fullscreen again. This vulnerability could have been exploited to carry out a spoofing attack. This issue has been fixed in Firefox 135 and Thunderbird 135...

7.3CVSS7.1AI score0.00401EPSS
Exploits0References2
fedora
fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: plasma-vault-6.6.4-1.fc44

Plasma Vault allows to lock and encrypt sets of documents and hide them from prying eyes even when the user is logged in...

5.8AI score
Exploits0
metasploit
metasploit
added 2026/04/02 7:2 p.m.157 views

HTTPS Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...

6AI score
Exploits0
wired
wired
added 2026/03/24 10:0 a.m.10 views

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE

A family in Chicago has been terrified to leave their apartment. Agents could be anywhere...

5.7AI score
Exploits0
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.9 views

PT-2026-27545

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.4 iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 Description A privacy issue was identified relating to the handling of use...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References7
cert
cert
added 2026/03/09 12:0 a.m.11 views

Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"

Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful...

7.5CVSS6.2AI score0.15059EPSS
Exploits4References2
packetstormnews
packetstormnews
added 2026/02/20 12:0 a.m.6 views

AndroWasm: An Empirical Study on Android Malware Obfuscation through WebAssembly

In recent years, stealthy Android malware has increasingly adopted sophisticated techniques to bypass automatic detection mechanisms and harden manual analysis. Adversaries typically rely on obfuscation, anti-repacking, steganography, poisoning, and evasion techniques to AI-based tools, and...

6.2AI score
Exploits0
osv
osv
added 2026/02/10 7:2 p.m.6 views

MAL-2026-841 Malicious code in lyroxpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9016ac99840c4d68028c7b724382974154c9bf75b410da9c6b4a75ff6d20b1f The package contains an embedded archive with an executable. When importing the module, the embedded archive is run as a module. Code inside extracts the...

5.6AI score
Exploits0References2
packetstormnews
packetstormnews
added 2026/01/12 12:0 a.m.10 views

InvisibleJS JavaScript Hiding Tool

Welcome to InvisibleJS, an experimental tool for hiding your JavaScript source code in plain sight using zero-width characters. This repository features two distinct versions of the obfuscator, tailored for different execution environments...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2026/01/09 12:42 p.m.4 views

CVE-2005-1578

EnCase Forensic Edition 4.18a does not support Device Configuration Overlays DCO, which allows attackers to hide information without detection...

2.1CVSS6.7AI score0.00302EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2025/12/23 12:0 a.m.11 views

SemCovert: Secure and Covert Video Transmission Via Deep Semantic-Level Hiding

Video semantic communication, praised for its transmission efficiency, still faces critical challenges related to privacy leakage. Traditional security techniques like steganography and encryption are challenging to apply since they are not inherently robust against semantic-level transformations...

6.9AI score
Exploits0
Rows per page
Query Builder