Lucene search

42 matches found

OSSF Malicious Packages
added 2026/06/23 8:18 p.m., 7 views

Malicious code in triage-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...

5.9 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/16 2:14 a.m., 9 views

Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.8 AI score
Exploits: 0, References: 10
OSSF Malicious Packages
added 2026/06/13 9:4 p.m., 10 views

Malicious code in @giftyhq/widget-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...

5.3 AI score
Exploits: 0, References: 1
OSV
added 2026/06/13 7:0 a.m., 9 views

MAL-2026-5736 Malicious code in node-stack-frames (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...

5.4 AI score
Exploits: 0, References: 1
OSV
added 2026/06/13 4:37 a.m., 11 views

MAL-2026-5729 Malicious code in houzidawang806 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...

5.5 AI score
Exploits: 0, References: 23
OSV
added 2026/05/20 12:36 p.m., 9 views

MAL-2026-4551 Malicious code in encrata-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both childprocess and https, branches on...

5.8 AI score
Exploits: 0, References: 2
EUVD
added 2026/03/24 9:31 p.m., 8 views

EUVD-2026-15021

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

8.7 CVSS, 5.7 AI score, 0.00333 EPSS
Exploits: 0, References: 2
Qualys Blog
added 2024/04/10 6:34 p.m., 22 views

Real-time File Access Monitoring (FAM) with Qualys FIM

What is File Access Monitoring FAM? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring FIM solution to trigger alerts when critical host files not intended for regular use are accessed. Importance of F...

7 AI score
Exploits: 0
OpenVAS
added 2020/11/16 12:0 a.m., 22 views

aiohttp Detection (HTTP)

HTTP based detection of aiohttp. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112839";...

7.4 AI score
Exploits: 0, References: 1
OpenVAS
added 2020/11/04 12:0 a.m., 21 views

IceWarp Mail Server Detection (SMTP)

SMTP based detection of IceWarp Mail Server. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.2 AI score
Exploits: 0
OpenVAS
added 2019/12/03 12:0 a.m., 9 views

TheServer Detection

Checks whether TheServer is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

0.4 AI score
Exploits: 0
OpenVAS
added 2019/02/13 12:0 a.m., 114 views

Microsoft Office 2016 Security Feature Bypass Vulnerability (KB4462146)

This host is missing an important security update according to Microsoft KB4462146 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

5.5 CVSS, 5.7 AI score, 0.12783 EPSS
Exploits: 0, References: 2
OpenVAS
added 2018/10/02 12:0 a.m., 12 views

Microsoft Office: Mime Sniffing Safety Feature

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officemimesniffingsafety.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Mime Sniffing Safety Feature Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is...

7.3 AI score
Exploits: 0
OpenVAS
added 2018/06/13 12:0 a.m., 94 views

Crestron Device Detection (CTP)

Crestron Terminal Protocol CTP based detection of Crestron devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7 AI score
Exploits: 0, References: 1
CNVD
added 2018/01/10 12:0 a.m., 2 views

SAP HANA Information Disclosure Vulnerability (CNVD-2018-03088)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. An information disclosure vulnerability exists in SAP HANA. A remote attacker can exploit this...

5.3 CVSS, 6.3 AI score, 0.01584 EPSS
Exploits: 0, References: 1
OpenVAS
added 2017/09/13 12:0 a.m., 39 views

Microsoft PowerPoint 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213642)

This host is missing an important security update according to Microsoft KB3213642. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

9.3 CVSS, 7.5 AI score, 0.21319 EPSS
Exploits: 0, References: 2
OpenVAS
added 2016/11/09 12:0 a.m., 34 views

Microsoft Office Web Apps Multiple Vulnerabilities (3199168)

This host is missing an important security update according to Microsoft Bulletin MS16-133 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

9.3 CVSS, 6.5 AI score, 0.22384 EPSS
Exploits: 0, References: 6
OpenVAS
added 2016/10/13 12:0 a.m., 20 views

Juniper Networks Junos OS Multiple Privilege Escalation Vulnerabilities

Junos OS is prone to multiple privilege escalation vulnerabilities in JunOS CLI. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.4 CVSS, 7.8 AI score, 0.00459 EPSS
Exploits: 0, References: 1
Kitploit
added 2016/06/23 10:35 p.m., 14 views

Faraday v1.0.21 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

7.1 AI score
Exploits: 0, References: 1
CNVD
added 2016/04/22 12:0 a.m., 2 views

Tenable Network Security Tenable Nessus Host Details Component Cross-Site Scripting Vulnerability

Tenable Network Security Tenable Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability in the Host Details component of Tenable Network Security Tenable Nessus 5.x and earlier and 6.5.4 and earlier can be exploited by remote...

6.2 AI score
Exploits: 0, References: 1