Lucene search
K

5462 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in sixseven10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10386 Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in ishowfeet20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in nottuff9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6210eaca44901153bc909ce8f071e22124821bb4f3faaad1c2e9fb1189f46c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d5ea096e484eab34ce84d950ffdad898264b0bc86deff68a6a48ec857a126fb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49cfb64273573166bc38b5ef83b722b3a264c8e19870fc65b35eaaa5504a69bf The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in imillegal2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a225f0551d1cfdc2da755da6241bc992376b5beddd6bc0895ea816391556e985 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c8f4197e26649b629a6605099f9ca45ff63f04e58e5021a0f1ed410ac56cfd1 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in howmanygreatbritain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66707a972e4b6d232236d552157967ca09de229587cb90ca80ab1a1cac83fd22 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday2 views

MAL-2026-10361 Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in bomboclatwallahi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55a7d4f08c0c79c42f9938a1c11d3d6828907fb309e582faf38065bbd04f5149 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in backup2-asd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6fe96add7d70ce5933988f1c78b934187e279d88618bd3f211de3d719177168 The tarball published as [email protected] is a Vite-built browser application branded 'Lucide' rather than a Node library. package.json declares mai...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10299 Malicious code in crazynut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99acc5fd6f39abd90d81467df8fe55d92230edd286a12d9f628ad6f9c1c34a9a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in authvaultx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c707d53e30a333f8b8cf03ac2480eee3e2fa9c3c3164b1a100d333c91f9f3a On require of authvaultx main: auth.js, which loads lib/writer.js, top-level code attempts to load the separately published npm package...

6.2AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS0.00333EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in marked-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bfc3b729c08e0882fe0f653f436c2b7e1fdae0379748c12e0f9266f6c69c963 The postinstall script scripts/install-check.cjs fetches a JSON config from https://trabalhos-flax.vercel.app/config/clob-math.json read from...

6.5AI score
Exploits0References3
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS0.00333EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42941

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
CVE
CVE
added 4 days ago8 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6AI score
Exploits0References5
Rows per page
Query Builder