Lucene search
K

15404 matches found

OSV
OSV
added 2026/03/16 12:0 a.m.2 views

MAL-2026-1574 Malicious code in transform-spread (npm)

The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/13 6:47 a.m.7 views

MAL-2026-1395 Malicious code in dell-fusion-core-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d5d156081b9f33279287f433edff50b49a63fa67e0da031c374075fde1cc24f The package dell-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/11 1:24 p.m.6 views

Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/08 2:13 p.m.7 views

Malicious code in pyutils-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1055c03077c874d21f69aa9403cebd070e2b7398e27b44310c977219bc0e7a Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 2:26 p.m.12 views

Malicious code in test-mal-npm-pkg-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75a0b0eec22915db4ca63da2987beda61280504b532ef780e81b26d53e11d8e The package test-mal-npm-pkg-local was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/01 10:11 a.m.12 views

Malicious code in noteasonfnsource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa2242ec1849ffa55a55c85b7781623cdc7147b8568b3beaa5d2b3b956c04e17 Code provides a Discord bot, which - once a generic command is called - performs malicious action against the Discord server: deletes all channels, renames the...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/27 7:50 p.m.12 views

Malicious code in hashtools32 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 3:34 p.m.5 views

CVE-2025-47904 Unsigned upgrade package

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

5.7CVSS5.4AI score0.00082EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 11:17 p.m.7 views

MAL-2026-932 Malicious code in easyreg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/13 1:50 p.m.9 views

Malicious code in despicable-me (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a6021ab3cbadc4a7b2c84dee85c1da3a01ecbab1b0a3b1e8aa1f6835a818ca The package despicable-me was found to contain malicious code. Source: ghsa-malware 8919618889f25d842da82fbc9462b9c95cfdcc8aaf393841f00b952d6f2e71f1...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/11 10:54 a.m.12 views

Malicious code in node-dotenv-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/10 10:28 p.m.9 views

Malicious code in gpu-discovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 7:22 a.m.11 views

Malicious code in kwp-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff8db163baaddfa00a5ad4be917d7b8147bbc3b1b0807694614ab14ebac6c431 The package kwp-analytics was found to contain malicious code. Source: ghsa-malware 57994b2b00321595177d73893abdd66ed3fdbe0f5ff0a7565c59efb6126d9e7a...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/02 9:8 a.m.9 views

Malicious code in callapirequests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e7fadeb48347b57805dea2f58d0f662e43170e0e4439a424f6dec66cf285452 Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/27 8:12 a.m.10 views

Malicious code in internallib_v828 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff1fe83e3d9c31b100d3117b436d62cb5bbed907b6393fd0ae603bd365e73889 The package internallibv828 was found to contain malicious code. Source: ghsa-malware d15fc740eb3e49fec4406761a411f74ba5e572f8ead9811783ba32b4417d0db...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/27 2:25 a.m.10 views

MAL-2026-524 Malicious code in mapkit-example-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99b2a1b5d1181c18ff26056481018d107fc6fc38df563e0d7fba6aa44b7cd51 The package mapkit-example-vue was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:28 a.m.5 views

MAL-2026-391 Malicious code in internallib_v962 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9664f22a915362fceed28ec2e15ea4bfbc16dbdd91cb358cba05ef247fec36a5 The package internallibv962 was found to contain malicious code. Source: ghsa-malware 1e08ba6555343cafd51a03a186572eaf33065999ee721770a8d507645826dfd...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:23 a.m.5 views

MAL-2026-386 Malicious code in chai-chain-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3340d37485bf0cbe47f2378b96588e8afadc83635bef93d108730ea72ab8f78 The package chai-chain-async was found to contain malicious code. Source: ghsa-malware a3404961b3edc416f501bf5ec175f0bbb95a188e9f1210305c9e37783e6265...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.20 views

CVE-2023-29444

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

7.3CVSS7.3AI score0.00171EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/07 6:49 a.m.9 views

Malicious code in hiqomu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f1b14ad8ceaca23c5a536740bb79e0425805fb3df3bd23448dd6cee7af377ad The package hiqomu was found to contain malicious code. Source: ghsa-malware 0bd082bac5a58a31b60a13d745e6ec55d8e49b1e4d5d17c9f3711f28e611f0de Any...

6.9AI score
Exploits0References1
Rows per page
Query Builder