Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/10 6:26 p.m.11 views

Malicious code in @access-risk/browser-remedy-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de4bc9f19feea718e091e9b0a480e9b939cdffa88109375020895c99efa489c On npm install, postinstall.js executes automatically and collects host identity and environment details using os.hostname, process.cwd, and filesyst...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/06/09 5:16 p.m.7 views

MAL-2026-5426 Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:16 p.m.10 views

Malicious code in @oplus/obus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 6:53 p.m.12 views

Malicious code in skills-detector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 2:15 p.m.12 views

Malicious code in tempo-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and childprocess; collects host identifiers including os.hostname, os.platform, and th...

5.9AI score
Exploits0References1
OSV
OSVadded 2026/05/10 12:0 a.m.4 views

MAL-2026-3646 Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

5.8AI score
Exploits0References1
EUVD
EUVDadded 2025/10/08 10:4 p.m.2 views

EUVD-2025-33278

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

9.3CVSS6.5AI score0.00483EPSS
Exploits0References12
Rows per page
Query Builder