
24 matches found

Snyk
added 2026/04/23 3:52 a.m. | 4 views

Malicious Package

Overview spr-i18n-labels is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Snyk
added 2026/04/13 3:33 p.m. | 6 views

Malicious Package

Overview upstartadmindashboard- is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2025/11/23 12:42 a.m. | 2 views

MAL-2025-191758 Malicious code in hexdecnet (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4ca5c3aa5b553fffaca36241e0e3a6144c9b661b9e0cb77fd93ae34fc6b1ed7e Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-20538 Malicious code in file-alb-um-zip-new-mp3-38030-too-legit-to-quit-0d58y-hddhtz (npm)

The package file-alb-um-zip-new-mp3-38030-too-legit-to-quit-0d58y-hddhtz was found to contain malicious code...

AI score 7.2
Exploits: 0

NVD
added 2024/04/04 3:15 p.m. | 10 views

CVE-2024-30250

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

CVSS 7.5 | AI score 7.7 | EPSS 0.0031
Exploits: 0 | References: 4

HackRead
added 2023/08/29 6:55 p.m. | 24 views

Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

By Deeba Ahmed Researchers believe that this time instead of cyber espionage, Chinese threat actors may have opted for more complex information ops. This is a post from HackRead.com Read the original post: Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage...

AI score 6.8
Exploits: 0

HackRead
added 2023/02/13 11:22 p.m. | 22 views

Typosquatting: Legit Abquery Package Duped with Malicious Aabquerys

By Deeba Ahmed Aabquerys use the typosquatting technique to encourage downloading malicious components, as it has been cleverly named to make it sound like the legitimate NPM module Abquery. This is a post from HackRead.com Read the original post: Typosquatting: Legit Abquery Package Duped with...

AI score 2.3
Exploits: 0

HackRead
added 2022/12/09 8:27 p.m. | 20 views

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

By Deeba Ahmed At the moment, Zombinder is focusing entirely on Android apps but the service operators are offering Windows apps binding services. This is a post from HackRead.com Read the original post: Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps...

AI score 3.4
Exploits: 0

Github Security Blog
added 2022/09/21 6:18 p.m. | 22 views

Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...

AI score 0.7
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/09/21 6:18 p.m. | 15 views

GHSA-4QW4-JPP4-8GVP Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...

AI score 7
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2022/07/21 11:17 a.m. | 3 views

Malicious code in totally-legit-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7beb17014129818ff75cbfeca6fea9bfe8da06e852f3631a1d110035de7c6317 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2022/07/21 11:17 a.m. | 4 views

MAL-2022-6615 Malicious code in totally-legit-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7beb17014129818ff75cbfeca6fea9bfe8da06e852f3631a1d110035de7c6317 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m. | 2 views

Malicious code in fortnite-skin-legit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e141232e079e0063beca04d3a7f2badcb1e36fbd7c8d41daa85d5b351d7d0ce5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m. | 3 views

Malicious code in free-robux-legit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c98d0dc620a9fc73af1aa1696391d4771037f7c42de7e92b3060e4c92c37ef85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2022/06/20 8:14 p.m. | 9 views

MAL-2022-3194 Malicious code in free-robux-legit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c98d0dc620a9fc73af1aa1696391d4771037f7c42de7e92b3060e4c92c37ef85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

wpexploit
added 2021/11/03 12:0 a.m. | 123 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import

The mepimportajaxtemplate AJAX action of the plugin, available to both unauthenticated and authenticated users, is lacking any authorisation and CSRF checks. As a result, an unauthenticated user can import an arbitrary Elementor template to the blog. Legit template:...

AI score 7.2
Exploits: 0

HackRead
added 2020/11/21 7:44 p.m. | 50 views

Malware service operators arrested; offered antivirus bypassing tools

By Deeba Ahmed The malware encryption service run by a Romanian duo helped hackers embed malicious code in legit software to bypass antivirus tools. This is a post from HackRead.com Read the original post: Malware service operators arrested; offered antivirus bypassing tools...

AI score 4.1
Exploits: 0

Openbugbounty
added 2020/03/26 9:44 a.m. | 11 views

legitclaims.co.uk Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1124384 Security Researcher g0bl1nsec Helped patch 3741 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting legitclaims.co.uk website...

AI score 0.1
Exploits: 0

GithubExploit
added 2019/12/15 8:52 a.m. | 104 views

Exploit for Improper Input Validation in Nema Dicom_Standard

Bad-DICOM PoC of my handcrafted CVE-2019-11687's exploit tool...

CVSS 9.3 | AI score 8.1 | EPSS 0.02751
Exploits: 2

ATTACKERKB
added 2018/07/05 2:29 a.m. | 2 views

CVE-2018-13212

The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...

CVSS 7.5 | AI score 5.5 | EPSS 0.00988
Exploits: 0 | References: 3