Lucene search
K

21 matches found

OSV
OSV
added 2026/06/26 5:44 p.m.8 views

MAL-2026-6532 Malicious code in chai-as-assured (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd28efd7a3d07f87ec22556cc25a8c07117fa4cdd237c6cb1db750c976a11836 chai-as-assured impersonates the popular chai-as-promised package matching README, author, and API surface. When the exported plugin function is...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:44 p.m.10 views

Malicious code in chai-as-assured (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd28efd7a3d07f87ec22556cc25a8c07117fa4cdd237c6cb1db750c976a11836 chai-as-assured impersonates the popular chai-as-promised package matching README, author, and API surface. When the exported plugin function is...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 6:23 p.m.9 views

Malicious code in vitest-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27abcc7f2373309feb253b0cc48b1a8bae7c54a3c43aed0c57add697f4067aba Package name vitest-cli impersonates the official Vitest project while declaring empty author, homepage, repository, and bugs metadata. The...

6AI score
Exploits0References6
OSV
OSV
added 2026/06/22 6:23 p.m.7 views

MAL-2026-6267 Malicious code in vitest-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27abcc7f2373309feb253b0cc48b1a8bae7c54a3c43aed0c57add697f4067aba Package name vitest-cli impersonates the official Vitest project while declaring empty author, homepage, repository, and bugs metadata. The...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:18 a.m.9 views

Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/17 4:18 a.m.7 views

MAL-2026-5989 Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 4:22 p.m.6 views

Malicious code in chain-chai-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/16 4:22 p.m.19 views

MAL-2026-5908 Malicious code in chain-chai-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:19 a.m.11 views

Malicious code in chai-as-victimed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...

6.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 7:19 a.m.16 views

MAL-2026-5605 Malicious code in chai-as-victimed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.10 views

Malicious code in webpack-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f5ce3525e99528190ba5217a777184e302d46050fc23bef173de6fda240eba Package impersonates the webpack ecosystem but is unrelated to webpack. When the exported middleware is invoked, index.js spawns a detached node...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/10 6:44 p.m.12 views

MAL-2026-5527 Malicious code in check-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...

6.2AI score
Exploits0References6
OSV
OSV
added 2026/05/25 5:50 p.m.10 views

MAL-2026-4622 Malicious code in normalize-path-seq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048493f47bc6a8b0a61c93d14a9bfbbe5edd77baff2d2423870e3cc8b7099b0a On require, index.js invokes initPlugin at the module top level, which performs an HTTPS GET to https://jsonkeeper.com/b/VL3WY, parses the response...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.12 views

Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.4AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/07 5:56 a.m.14 views

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence AI platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 CVSS score: 10.0, a code injection vulnerability that could result in remote cod...

10CVSS6.4AI score0.90183EPSS
Exploits25
Snyk
Snyk
added 2026/04/01 12:5 a.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...

9.3CVSS6.2AI score0.00343EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: kubevirt (TSSA-2025:0586)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0586 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.2CVSS7.1AI score0.00868EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3892

Malware in sbrugna...

4CVSS6.4AI score0.01152EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0987

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00611EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/21 7:55 p.m.6 views

CVE-2009-3921

The Smartqueueog module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation message...

4CVSS6.8AI score0.01152EPSS
Exploits0References1
Rows per page
Query Builder