Lucene search
K

5872 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:54 p.m.15 views

Malicious code in cxpher-linux-arm32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/22 1:29 p.m.13 views

MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

6AI score
Exploits0References2
hivepro
hivepro
added 2026/05/22 10:1 a.m.9 views

Nucleus Security vs Hive Pro: CTEM Comparison

Choosing between Nucleus Security vs Hive Pro is really a decision about how your security team wants to run exposure management: as an aggregation and workflow layer over existing tools, or as a broader CTEM platform that combines aggregation, native discovery, threat intelligence, validation, a...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/21 3:51 p.m.41 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.00574EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 7:31 p.m.7 views

MAL-2026-4448 Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/05/20 4:44 p.m.4 views

Malicious Package

Overview @doctolib-apps/native-personalized-services is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/20 4:44 p.m.9 views

MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:16 p.m.9 views

Malicious code in @rspack-debug/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 12:16 p.m.7 views

MAL-2026-4428 Malicious code in @rspack-debug/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...

5.9AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: Fixed invalid data access in ath12kdprxhundecapnwifi. In certain cases, hardware may generate packets with a length exceeding the maximum native Wi-Fi header length. This can lead to accessing and modifying fields...

7.8CVSS6.2AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability in Apache Tomcat when using the APR/Native connector, involving concurrent execution with shared resources and improper synchronization known as “race condition”. This issue is particularly noticeable during client-initiated closures of HTTP/2 connections. This issue...

7.5CVSS7.8AI score0.01819EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 3:22 a.m.11 views

Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/20 3:22 a.m.13 views

MAL-2026-4449 Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:36 a.m.13 views

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/20 2:15 a.m.10 views

MAL-2026-4468 Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

6AI score
Exploits0References7
OSV
OSV
added 2026/05/20 12:22 a.m.8 views

MAL-2026-4542 Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

5.6AI score
Exploits0References5
OSV
OSV
added 2026/05/19 11:8 p.m.10 views

MAL-2026-4606 Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:5 p.m.10 views

Malicious code in @bonsai-ai/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 5:50 p.m.13 views

Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:26 p.m.14 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References5
Rows per page
Query Builder