Lucene search
K

252661 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:57 a.m.7 views

Malicious code in @zecho/baileys-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4d4b2c49e19b5e36babb83f8095290c3bd09ad9fb4065ccf3769bb9be4c53d The package @zecho/baileys-mod was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:52 a.m.4 views

Malicious code in jito-validator-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5744d7d3aef03ec852963ebeca1a6357db3aa7bc925bae6e85f173692fc12eb0 The package jito-validator-sdk was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/26 12:42 a.m.5 views

MAL-2026-2222 Malicious code in chain-coremesh (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53c78d25a9b5c960f74dda3653e6f237df054e60b0234511fa4e9fe3d650a00f The package chain-coremesh was found to contain malicious code. Source: ghsa-malware 7c22f3e9c994c2b163ca8dc9cfdd501768a8ed0163ccc7c9fde8160ace616303...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:42 a.m.8 views

Malicious code in node-coremesh (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5a0cdd89bf30a4af39a8b084445dc8db5a9433149b2935e8c2ad63a3cef008 The package node-coremesh was found to contain malicious code. Source: ghsa-malware f8ed9a272c9d2d960b2ddae6ef1f7128ff576014f4d3c296ca2b6d74eaea4ceb...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/26 12:42 a.m.5 views

Malicious Package

Overview node-coremesh is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/26 12:42 a.m.6 views

MAL-2026-2226 Malicious code in node-coremesh (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5a0cdd89bf30a4af39a8b084445dc8db5a9433149b2935e8c2ad63a3cef008 The package node-coremesh was found to contain malicious code. Source: ghsa-malware f8ed9a272c9d2d960b2ddae6ef1f7128ff576014f4d3c296ca2b6d74eaea4ceb...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/03/26 12:34 a.m.12 views

CVE-2026-33285

CVE-2026-33285 concerns LiquidJS (template engine for Shopify/GitHub Pages). Vulnerability: memoryLimit protection can be bypassed by reverse range expressions (e.g., (100000000..1)), allowing unbounded memory allocation. When combined with string flattening operations (e.g., replace filter), thi...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/26 12:34 a.m.6 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/26 12:34 a.m.2 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.5 views

Malicious code in @emilgroup/translation-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c57e1ecf29d7f74f2eaa6c7a75ff66ffc3ddc722a9076bcdc634c9798d578d84 The package @emilgroup/translation-sdk-node was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/26 12:33 a.m.3 views

MAL-2026-2206 Malicious code in @emilgroup/process-manager-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c387184509fe5ed2657f553bc35f51353adfe2f37b6b1a4817cec868cb653cf The package @emilgroup/process-manager-sdk was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.8 views

Malicious code in @opengov/qa-record-types-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0be39ed161d642824f2ce1f8511e03759918909ba0218265174294129a172d01 The package @opengov/qa-record-types-api was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.5 views

Malicious code in @emilgroup/setting-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.9 views

Malicious code in @opengov/form-renderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6c8cb05cb54fe0f2f81f0c9a5ff43f2c4a45ab0fa31bcc1d1cade080e731c3d The package @opengov/form-renderer was found to contain malicious code. Source: ghsa-malware...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.5 views

Malicious code in @emilgroup/partner-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0abde6a2a005b2c63f18e87169a3b47ddfe6fb943ad82a005e1d3d3a8e5887 The package @emilgroup/partner-sdk was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/26 12:33 a.m.5 views

MAL-2026-2208 Malicious code in @emilgroup/setting-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.5 views

Malicious code in @emilgroup/discount-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b66c2b21da822102c367293fd9acc95e864afb9bb8ddebcb3ac0d49ccf583e The package @emilgroup/discount-sdk-node was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/26 12:33 a.m.3 views

Malicious Package

Overview cr-static-shared-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 12:31 a.m.2 views

Malicious Package

Overview @universeorg/dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

Drupal Unpublished Node Permissions 安全漏洞

Drupal Unpublished Node Permissions is an extension developed by Drupal Corporation that allows for controlling access to unpublished content. Versions of Drupal Unpublished Node Permissions prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to improper authorizatio...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References2
Rows per page
Query Builder