
7 matches found

OSSF Malicious Packages
added 2026/03/16 12:0 a.m., 3 views

Malicious code in transform-json-strings (npm)

The package 'transform-json-strings' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3

OSV
added 2026/03/16 12:0 a.m., 2 views

MAL-2026-1569 Malicious code in transform-json-strings (npm)

The package 'transform-json-strings' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.6
Exploits: 0, References: 3

The Hacker News
added 2024/06/20 8:9 a.m., 24 views

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

AI score: 7
Exploits: 0

Positive Technologies
added 2023/02/24 12:0 a.m., 5 views

PT-2023-12727 · Litedb · Litedb

Name of the Vulnerable Software and Affected Versions: LiteDB versions prior to 5.0.13 Description: The issue concerns the deserialization of untrusted data in LiteDB, a .NET NoSQL embedded database. When instances of an object are not the same class, BsonMapper uses a special field type string...

CVSS: 9.8, AI score: 9.4, EPSS: 0.00699
Exploits: 0, References: 8

Prion
added 2023/02/11 1:23 a.m., 15 views

Authentication flaw

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS: 7.5, AI score: 9.7, EPSS: 0.00631
Exploits: 0, References: 1, Affected Software: 1

Kitploit
added 2022/11/07 11:30 a.m., 881 views

Evilgophish - Evilginx2 + Gophish

Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work. I thank him personally for releasing evilginx2 to the public. In fact, without his work this work would not exist. I must also thank Jordan Wright for...

AI score: 7
Exploits: 0, References: 11

Github Security Blog
added 2021/09/20 11:18 p.m., 59 views

Deserialization of Untrusted Data in com.jsoniter:jsoniter

Withdrawn was withdrawn by its CNA. Further investigation showed that it was not a security issue. Original Description All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certai...

AI score: 5.1
Exploits: 0, References: 3, Affected Software: 1