Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 7:44 a.m.7 views

Malicious code in 88q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...

5.8AI score
Exploits0References18
OSV
OSVadded 2026/05/12 7:44 a.m.5 views

MAL-2026-3676 Malicious code in 88q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...

5.8AI score
Exploits0References18
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 7:44 a.m.10 views

Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
OSV
OSVadded 2026/05/12 7:44 a.m.2 views

MAL-2026-3674 Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
Github Security Blog
Github Security Blogadded 2026/05/07 2:34 a.m.18 views

Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software2
The Hacker News
The Hacker Newsadded 2026/04/06 4:24 p.m.6 views

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

6.1AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2023/05/01 12:0 a.m.6 views

PT-2023-20958 · Kaios · Kaios

Name of the Vulnerable Software and Affected Versions: KaiOS version 3.0 Description: An issue was discovered in the pre-installed Communications application, which exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript...

5.3CVSS6.9AI score0.00567EPSS
Exploits1References5
Rows per page
Query Builder