Lucene search
K

10 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:5 a.m.11 views

Malicious code in harness-skil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js wired to an npm install lifecycle hook requires childprocess, fs, and https, then issues an https.get to a...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 9:49 p.m.12 views

Malicious code in claude-content-writer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/21 9:49 p.m.7 views

MAL-2026-4524 Malicious code in claude-content-writer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...

6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/08 4:9 p.m.3 views

CVE-2025-53520 EG4 Electronics EG4 Inverters Download of Code Without Integrity Check

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...

8.8CVSS6.7AI score0.0019EPSS
Exploits0References2
OSV
OSV
added 2025/05/01 6:15 p.m.6 views

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

6.5CVSS5.8AI score0.00115EPSS
Exploits1References2
OSV
OSV
added 2025/05/01 6:15 p.m.4 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

6.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.5 views

PT-2024-30298 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable t...

6.5CVSS6.8AI score0.00092EPSS
Exploits0References6
CNVD
CNVD
added 2017/04/06 12:0 a.m.1 views

Huawei HiSuite Man-in-the-Middle Attack Vulnerability

Huawei HiSuite is a set of cell phone assistant software for PC from Huawei, China. A security vulnerability exists in Huawei HiSuite version 4.0.5.300OVE due to the program using unencrypted HTTP to download upgrade packages and failing to check the integrity of the packages before installation...

7.8CVSS6.7AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2013/08/06 2:52 a.m.6 views

AZL-41159 CVE-2013-1633 affecting package python-pip 24.2-6

easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product...

6.8CVSS6.2AI score0.01949EPSS
Exploits0References1
PyPA
PyPA
added 2013/08/06 2:52 a.m.7 views

PYSEC-2013-8

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation...

6.8CVSS7.8AI score0.06217EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder