Lucene search
K

18 matches found

OSV
OSV
added 2026/06/25 6:43 a.m.10 views

MAL-2026-6445 Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048a186e2e59bb0b7d9986c7099e527390e38690292bc49e237578a471c56680 The package advertises itself as a Base58 encoder/decoder but on require schedules a delayed payload that performs multiple installer-side attacks...

6AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:33 a.m.10 views

Malicious code in trongapy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa840452c4774ec07d74bbed23fbe1c848a2d83303df3f028e73af31045b495 The package's only public function, permprivatekey in trongapy/main.py, unconditionally POSTs the caller-supplied Tron private key as JSON to a...

5.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 1:45 a.m.15 views

Malicious code in data-pipeline-check (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ca0e77c4eda50057aa04c615897f067ee866d02fc1e2fe65cdbb263d3081e8 On import pipelinecheck, the package spawns a daemon thread that, after a random 3-15 second delay, walks /.ssh, /.aws, /.ethereum, /.config, /.docke...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/05/24 1:45 a.m.13 views

MAL-2026-4273 Malicious code in git-config-sync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401 On import gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 6:45 p.m.11 views

Malicious code in tronpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d9ca86850c4078f14665d6f5bafabc8d794a480a5d990c8a697bc2019869005d Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 7:5 p.m.7 views

Malicious code in strapi-plugin-nordica-vhost (npm)

strapi-plugin-nordica-vhost is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:26 p.m.9 views

Malicious code in strapi-plugin-form (npm)

strapi-plugin-form is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/31 8:37 p.m.9 views

Malicious code in latinum-wallet-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...

5.8AI score
Exploits0References4
NVD
NVD
added 2026/03/09 4:16 p.m.7 views

CVE-2026-3588

A server-side request forgery SSRF vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request...

7.5CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 3:41 p.m.18 views

CVE-2026-3588

CVE-2026-3588 describes a server-side request forgery in IKEA Dirigera v2.866.4. An attacker can exfiltrate private keys by sending a crafted request to the affected server, indicating a potential compromise of sensitive credentials. The CVSS 3.1 base score is 7.5 (HIGH) with attack vector Adjace...

7.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/09 3:41 p.m.3 views

CVE-2026-3588

A server-side request forgery SSRF vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request...

7.5CVSS5.8AI score0.00108EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/19 11:56 p.m.7 views

Malicious code in ethrpc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b1eff108aebd0c94cd1b2c9dd2321060f61236e0dbf655c62f729169dcd5d5b3 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

5.6AI score
Exploits0References1
OSV
OSV
added 2025/11/02 4:51 p.m.2 views

MAL-2025-191756 Malicious code in hexdecimal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c76fe38c65db757a8e7f52d36acea2c85ea223e1342e513c0eb2115b19da7bcb Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/10 2:59 p.m.4 views

Malicious code in tronapihelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8668b25d81460ff9ac1973c8f9ad6e6092350a4a08d6a4b5ba1fc827a553dc38 Package is prepared to exfiltrate private keys, most probably for Tron cryptocurrency. There is no other purpose of the package --- Category: MALICIOUS - The...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.8 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

5.3CVSS6.8AI score0.00634EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 3:20 p.m.6 views

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

8.3CVSS6.7AI score0.00431EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 5:36 p.m.4 views

Malicious code in ethers-web3 (npm)

The package contains additional code to append a hardcoded SSH key to the user's authorizedkeys file, creating a backoor, along with exfiltrating user private keys to an attack-controlled server...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 5:36 p.m.4 views

Malicious code in ethers-6 (npm)

The package contains additional code to exfiltrate user private keys to an attack-controlled server...

7.2AI score
Exploits0
Rows per page
Query Builder