42069 matches found
CVE-2025-24815 An unrestricted file upload vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...
EUVD-2025-210369
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...
CVE-2025-24815
CVE-2025-24815 affects Nokia MantaRay NM and describes an unrestricted file upload vulnerability caused by insufficient file type validation. The issue could allow an authenticated attacker to upload malicious files onto the system. No remediation details are provided in the supplied documents.
CVE-2026-50229
creationtimestamp| type| source ---|---|--- 2026-06-29 21:40:40+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphhbocbak2p 2026-06-29 22:19:25+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphjgx4ff32q 2026-06-29 23:32:51+00:00| seen|...
CVE-2026-55957
creationtimestamp| type| source ---|---|--- 2026-06-29 21:36:56+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphh2yd4ic23 2026-06-29 22:43:44+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphksgifwx23 2026-06-29 22:51:37+00:00| seen|...
CVE-2026-57341
creationtimestamp| type| source ---|---|--- 2026-06-29 16:01:47+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpgudozghx2b 2026-06-29 20:22:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphcw47xbf22...
CVE-2026-13742 Lack of signature verification before execution of downloaded content
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
Malicious code in @ibrahim1337/baksen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea195bd44e54cd1051fc279a0e871b02c15eea04f65c80979d756fa767f541b4 Package @ibrahim1337/baksen ships a Windows x64 infostealer toolkit that targets Chromium-family browsers Chrome, Brave, Edge, Opera, Opera GX on the...
CVE-2026-13513
creationtimestamp| type| source ---|---|--- 2026-06-29 00:28:28+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpfa6sd5lg2m 2026-06-29 02:13:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpfg2pst3i2w...
CVE-2026-13516
creationtimestamp| type| source ---|---|--- 2026-06-29 00:25:58+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpfa2crs3e25 2026-06-29 04:58:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpfpbuujq62j 2026-06-29 06:00:27+00:00| seen|...
CVE-2026-13508
creationtimestamp| type| source ---|---|--- 2026-06-28 23:39:58+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpf5i3ikuf2s 2026-06-29 02:08:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpffrrfccn2x...
MAL-2026-6558 Malicious code in fsociety-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...
MAL-2026-6549 Malicious code in discord-token-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...
Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
CVE-2026-50767
creationtimestamp| type| source ---|---|--- 2026-06-26 22:47:01+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mp7zljs7au2o 2026-06-29 17:33:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgzi6wa632w...
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...
Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
MAL-2026-6515 Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
MAL-2026-6501 Malicious code in wellnpm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...
Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...