Lucene search
+L

4 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10237 Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.3 views

MAL-2026-10235 Malicious code in tme-error (npm)

The tme-error package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/25 12:32 a.m.10 views

MAL-2026-4473 Malicious code in @zizie071/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163 On require, index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter....

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/08 5:24 p.m.6 views

GHSA-FQ7H-9X26-6J22 ExternalSecrets vulnerable to privilege escalation with secret overwriting

ExternalSecrets allows users to craft Service Account tokens for misconfigured Service Accounts in namespaces the users have access to. Impact A user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate wi...

4.9CVSS5.8AI score0.00214EPSS
Exploits0References5
Rows per page
Query Builder