Lucene search
K

216 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in cursed-ecto-d3ab00 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49348969de68b56d680a46f67f817053621fa41a5220d8cd0bc1da720e77a5a1 The package has no legitimate functionality index.js is an empty module and exists solely to run an install-time attack payload. All four lifecycle...

6AI score
Exploits0References5
NVD
NVD
added 2026/06/18 4:16 a.m.19 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 11:53 a.m.18 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Golang-1.19

The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...

9.8CVSS7.2AI score0.01728EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:40 a.m.17 views

Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 4:57 p.m.12 views

Malicious code in bytecore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0 The package masquerades as a pino-like logging middleware README is copied from pino, exports a pino property, mimics pino's option shape but the...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/11 5:44 a.m.8 views

BIT-GOLANG-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-42501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affect...

7.5CVSS5.7AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 8:16 p.m.26 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-38570

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description A flaw in the go command's validation of module checksums allows a malicious module proxy to bypass checksum database validation. This occurs when the checksum database returns a successful respon...

7.6CVSS5.9AI score0.00231EPSS
Exploits0
OSV
OSV
added 2026/03/20 2:27 p.m.9 views

OESA-2026-1703 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.7AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/20 2:27 p.m.10 views

OESA-2026-1701 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/20 2:26 p.m.10 views

OESA-2026-1699 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/02/02 9:5 p.m.9 views

GO-2026-4352 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu...

5.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 7:30 p.m.4 views

CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

6.4AI score0.00335EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2025-202933

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

8.6CVSS7.8AI score0.00795EPSS
Exploits1References7
CVE
CVE
added 2025/12/11 9:44 p.m.14 views

CVE-2025-34506

WBCE CMS is affected: version 1.6.3 and earlier are vulnerable to authenticated remote code execution via uploading a malicious module. The flaw arises when an administrator can upload a ZIP module containing embedded PHP reverse shell code, enabling remote system access when installed. Exploitat...

8.8CVSS7.9AI score0.00795EPSS
Exploits1References6Affected Software1
GithubExploit
GithubExploit
added 2025/12/04 1:40 a.m.162 views

Exploit for CVE-2025-55182

CVE-2025-55182 Raw HTTP Requests to exploit the insecure lazy...

10CVSS7.4AI score0.99562EPSS
Exploits374
Rows per page
Query Builder