Lucene search
K

5 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.11 views

Malicious code in @antv/g-plugin-canvas-path-generator (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
NVD
NVD
added 2026/05/14 3:16 p.m.18 views

CVE-2025-69443

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

6.3CVSS0.00312EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 5:26 p.m.3 views

MAL-2026-2462 Malicious code in strapi-plugin-form (npm)

strapi-plugin-form is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2022/06/20 8:15 p.m.6 views

MAL-2022-653 Malicious code in @tinkoff-react-bui/dropdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73961a7d1008be0e12fdd9c028ff94d21d7dd7427b3006f6dd4d37d6cd1de717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNVD
CNVD
added 2017/11/14 12:0 a.m.2 views

Recurly Client Python Library Server-Side Request Forgery Attack Vulnerability

Recurly Client Python Library is a Python API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in the 'Resource.get' method in the Recurly Client Python Library. An attacker could use this vulnerability to take control of API keys or other important...

9.8CVSS6.9AI score0.02594EPSS
Exploits0References1
Rows per page
Query Builder