Lucene search
K

311934 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago3 views

Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Nuclei
Nuclei
added yesterday44 views

Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion

A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...

6.8CVSS6.1AI score0.09471EPSS
Exploits2References5
CVE
CVE
added 2 days ago12 views

CVE-2025-71347

The vulnerability concerns picklescan prior to 0.0.33, which fails to detect malicious pickle files that rely on numpy.f2py.crackfortran.param_eval in reduce methods. This allows remote attackers to embed code that executes during deserialization in applications that load untrusted pickle data, e...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-55676

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious function calls to torch.utils.bottleneck. main .run cprofile within pickle files. This flaw allows remote attackers to bypass safety checks by embedding...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago138 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.4AI score0.97836EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-50195

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References4
OSV
OSV
added 5 days ago2 views

MAL-2026-6721 Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in twrap-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231 twraptool/init.py defines two public functions, formatblock and aligncolumns, whose real behavior is to fetch a Python file from...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
OSV
OSV
added 6 days ago3 views

MAL-2026-6678 Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
OSV
OSV
added 6 days ago3 views

MAL-2026-6702 Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
CVE
CVE
added 6 days ago7 views

CVE-2026-6953

CVE-2026-6953 describes an HTML injection in Intermark IT's WebControl CMS v3.5. The vulnerability allows an attacker to send HTML-containing content to a victim via the contact form by crafting a request to /processContact.do with parameters such as nombreApellidos, dirección, and comentarios. A...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago5 views

angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements as requiring strict sanitization. As a result, an attacker who can supply...

8.5CVSS7.1AI score0.00377EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-54006

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious pickle files that utilize the torch.utils.collect env.run function within reduce methods. This allows attackers to embed hidden code in pickle files, which...

8.1CVSS6.2AI score0.00395EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:2 a.m.8 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/26 9:19 p.m.4 views

MAL-2026-6539 Malicious code in db-query-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4928f7d380b79104d997e7666603726873158508c38d2c75a90c7529dd196be3 The package presents itself as a database query helper but index.js defines a method queryDBConnect that base64-decodes a hardcoded URL pointing to...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:35 p.m.6 views

MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.7 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 3:45 p.m.6 views

MAL-2026-6534 Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/26 10:50 a.m.6 views

MAL-2026-6516 Malicious code in inlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

6AI score
Exploits0References3
Rows per page
Query Builder