Lucene search
K

1938 matches found

Nuclei
Nuclei
added 2 days ago49 views

XWiki < 4.10.15 - Email Disclosure

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...

5.3CVSS6.1AI score0.59119EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in jsonschemavalidation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago5 views

MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago5 views

MAL-2026-6928 Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc8e13806589e7fbb3dbe284624b88d6de8c030f32c04c20f8c76af059f33515 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago5 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago6 views

MAL-2026-6926 Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added last week5 views

Malicious code in schemavault (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ae0aa9efa2a8389cfe9d5c41d5ab3689f4965c945a24613493f94f9de033ab1 schemavault 4.1.0 is presented as a schema-validation library but ships capabilities and data that have no relationship to schema validation...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added last week6 views

Malicious code in confighub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805d9b5848999d2ba85368446cb12d90bf350b8201a78dd475079c04f180dd81 confighub 7.0.1 declares installrequires='procwire' and imports procwire at package load in init.py under a version gate that silently swallows...

6.1AI score
Exploits0References4
OSV
OSV
added last week10 views

MAL-2026-6748 Malicious code in haproxy-config-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f70d07844bca4fadfcedb195f5768c8a95318af4d62a4bcec94556b99b72c4ad During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...

6.2AI score
Exploits0References2
Krebs on Security
Krebs on Security
added 2026/07/02 7:27 p.m.14 views

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation FBI said today it worked with industry partners to seize hundreds of domains associated with NetNut , a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum TechnologiesNASDAQ: ALAR. The action comes roughly two weeks after...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/30 4:15 p.m.8 views

EUVD-2022-52713

RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...

7.5CVSS7.1AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2026/06/27 8:52 p.m.11 views

MAL-2026-6549 Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/26 9:23 a.m.5 views

MAL-2026-6515 Malicious code in sqligen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...

6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:23 a.m.8 views

Malicious code in sqligen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...

6.5AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:12 p.m.7 views

Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/20 11:24 p.m.18 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
Rows per page
Query Builder