Lucene search
K

3365 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/31 1:28 p.m.1 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/31 1:28 p.m.5 views

CVE-2026-34155 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/31 1:28 p.m.4 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.4AI score0.00141EPSS
Exploits0
Snyk
Snyk
added 2026/03/31 6:1 a.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/31 6:1 a.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/31 3:25 a.m.4 views

Malicious Package

Overview plain-crypto-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/31 3:15 a.m.5 views

MAL-2026-2307 Malicious code in axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...

5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/31 3:15 a.m.12 views

Embedded Malicious Code

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan RAT and whose content was removed from the official package manager. A malicious actor...

9.8CVSS6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/31 2:7 a.m.20 views

Malicious code in plain-crypto-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18d90df82216aedaaeca02607816457cfe0df4bc89bf292a4d7f3549e912d8c The package plain-crypto-js was found to contain malicious code. Source: ghsa-malware 4dfdc3dd18fb6fe824f34c663d26a2f7225e65a4b858a6f3ed6620a7a725c86...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/31 2:7 a.m.11 views

MAL-2026-2306 Malicious code in plain-crypto-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18d90df82216aedaaeca02607816457cfe0df4bc89bf292a4d7f3549e912d8c The package plain-crypto-js was found to contain malicious code. Source: ghsa-malware 4dfdc3dd18fb6fe824f34c663d26a2f7225e65a4b858a6f3ed6620a7a725c86...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29250

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.15 views

Node.js Module plain-crypto-js 4.2.1 installed

The package was confirmed by Socket as malicious and should be removed from the system. The malicious package deploys a multi-stage payload, including a remote access trojan RAT capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines. Note that Nessu...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.13 views

Node.js Module axios 0.30.4 / 1.14.1 Supply Chain Vulnerability

The version of the axios Node.js module installed on the remote host is 0.30.4 or 1.14.1. It is, therefore, affected by a supply chain vulnerability where a supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including...

6.1AI score
Exploits0References1
Snyk
Snyk
added 2026/03/29 3:16 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the lookup function. An attacker can access properties that should be restricted by bypassing...

6.3CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:16 p.m.11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the lookup function. An attacker can access properties that should be restricted by bypassing prototype-access controls...

6.3CVSS5.5AI score
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain security vulnerabilities. These vulnerabilities stem from the fact that video passwords are stored in the database as plain text, which may lead to the...

9.1CVSS5.8AI score0.00152EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

IBM InfoSphere 11.7.0.x <= 11.7.1.6 Multiple Vulnerabilities

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.0.0 through 11.7.1.6. It is, therefore, affected by multiple vulnerabilities, including: - IBM InfoSphere Information Server stores user credentials and other sensitive information in plain text which can be rea...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.5 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References1
Slackware Linux
Slackware Linux
added 2026/03/26 12:0 a.m.9 views

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.1-i586-1slack15.0.txz: Upgraded. The bug fix release TigerVNC 1.16.1 is now available. This release is primarily a...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/25 9:30 p.m.8 views

EUVD-2025-209023

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder