Lucene search
K

253190 matches found

OSV
OSV
added yesterday3 views

MAL-2026-10515 Malicious code in nodemon-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...

6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15584

A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...

7.5CVSS6AI score
Exploits0References3
OSV
OSV
added yesterday16 views

ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root

Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
OSV
OSV
added yesterday3 views

MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden222 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden217 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden224 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4b6da7762075dee890b0878af8420637eed76f394f658992c5e10454e09e1e2 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden225 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1055fc13dd3381055731dec99548ae360bcbf6263ffea25b8e89e49f43c9fb05 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden211 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b56fab3567bb384777773b6a1a1793f1842ae69d9937268e4c6d837072f51ac The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden214 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bdbebaa72ae71aae5482f3726a6be11649402b33365104e2fbf39f1db624137 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden228 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden215 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 895382f96e91ecd3b6a78cac09b905becc2692fef044eacd9ce4d5cb18327b5f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden223 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden212 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12fc33584a728d7313bfc310121db6971d546738676f5b71bd5202527415822a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in nottuff6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a4e89de7dc0db67a1f6c404dc1b6b0b418cd8207e71ad82ef8d2027acb7ea9 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nottuff13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fcdb937c07c7ec8c87b884a8410166890165c5e9554397ed5ebcb1a5e58cf7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
Rows per page
Query Builder