Lucene search
K

2685 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in ethers-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...

6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-57433

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

9.8CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-57433

CVE-2026-57433 affects Perl’s Storable before 3.41. A signed 32-bit item count read from an SX_HOOK record is added to one and then fed to av_extend; when the count equals I32_MAX the addition overflows to negative, causing av_extend to panic during thaw/retrieve and terminate deserialization. Mu...

9.8CVSS6.2AI score0.00174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-57433 Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

0.00174EPSS
Exploits0References1
OSV
OSV
added 2 days ago19 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
Nuclei
Nuclei
added 2 days ago1789 views

Gitea 1.1.0 - 1.12.5 - Remote Code Execution

Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...

7.2CVSS7.4AI score0.95432EPSS
Exploits12References5
OSV
OSV
added 2 days ago3 views

MAL-2026-10234 Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSV
OSV
added 2 days ago5 views

MAL-2026-10232 Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
OSV
OSV
added 2 days ago3 views

MAL-2026-10228 Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.1AI score
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43131

The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-7620 Notification for Telegram <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Cron Modification via nftb_cron_action_set AJAX Action

The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00272EPSS
Exploits0References11
Rockylinux
Rockylinux
added 5 days ago9 views

oci-seccomp-bpf-hook security update

An update is available for oci-seccomp-bpf-hook. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OCI Hook to generate seccomp json files based on EBF syscalls us...

7.5CVSS6.1AI score0.00813EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in nonenull1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 162cd9e0496d35e0500fe084f6011a3e6893182b0fa209502c5d6017ab1138ac The package declares gypfile: true with no native C/C++ sources, and its binding.gyp abuses GYP command-expansion syntax in the sources list — !node...

6.1AI score
Exploits0References9
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-7558

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References2
OSV
OSV
added 6 days ago2 views

MAL-2026-10038 Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
OSV
OSV
added last week7 views

RHSA-2026:36617 Red Hat Security Advisory: oci-seccomp-bpf-hook security update

Bulletin has no description...

7.5CVSS7AI score0.00813EPSS
Exploits0References11
Rows per page
Query Builder