Lucene search
K

189 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in type-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d064750b4e3821d296d538ea749483e3f9cd54299645fc1c895e5c1af3639b5d The package presents itself as pino typosquat; README mirrors pino. The main entry index.js exports a middleware factory that, on invocation, spawns...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in chai-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38236fbbdbbaa8f8ed9315c3a4ff01fbf049215896036b1cb68611681fe0eb00 chai-redirection presents itself as a chai assertion plugin but its main entry index.js unconditionally spawns a detached Node child process running...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:43 a.m.14 views

Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 7:43 a.m.7 views

MAL-2026-3695 Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 11:29 p.m.8 views

Malicious code in dakhara (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...

6.1AI score
Exploits0References1
OSV
OSV
added 2026/03/03 11:29 p.m.5 views

MAL-2026-1235 Malicious code in dakhara (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...

6.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/02 8:44 a.m.7 views

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/14 6:25 p.m.8 views

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-3793

Malware in sbrugna...

4.3CVSS6.4AI score0.01161EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0398

Malware in sbrugna...

7.3CVSS7.6AI score0.00749EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3523

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.6 views

CVE-2025-23908

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rami Yushuvaev Pastebin pastebin-embed allows Stored XSS.This issue affects Pastebin: from n/a through = 1.5...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 9:15 p.m.19 views

CVE-2025-23908

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rami Yushuvaev Pastebin pastebin-embed allows Stored XSS.This issue affects Pastebin: from n/a through = 1.5...

6.5CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 8:7 p.m.7 views

CVE-2025-23908 WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rami Yushuvaev Pastebin pastebin-embed allows Stored XSS.This issue affects Pastebin: from n/a through = 1.5...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:7 p.m.54 views

CVE-2025-23908

CVE-2025-23908 is a concrete stored XSS vulnerability in the Pastebin WordPress plugin (pastebin-embed) prior to or up to version 1.5. The issue stems from improper input neutralization during web page generation. Affected product is the Pastebin WordPress plugin; no exploitation details or in‑th...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:7 p.m.24 views

CVE-2025-23908 WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rami Yushuvaev Pastebin pastebin-embed allows Stored XSS.This issue affects Pastebin: from n/a through = 1.5...

6.5CVSS0.00357EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.3 views

WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Pastebin versions = 1.5...

6.5CVSS6.1AI score0.00357EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.3 views

PT-2025-5187 · Pastebin · Pastebin

Name of the Vulnerable Software and Affected Versions: Pastebin versions n/a through 1.5 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject maliciou...

6.5CVSS9.1AI score0.00357EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.3 views

WordPress plugin Pastebin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.6AI score0.00357EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/26 3:11 a.m.5 views

Malicious code in hacker_for_pastebin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b86d3e7dd7e4513b7ffc80616aa25c0330b91d9af1cedcb8e8943ed7b12e364c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Rows per page
Query Builder