Lucene search
+L

360 matches found

Snyk
Snyk
added 2025/10/07 12:16 a.m.2 views

Malicious Package

Overview pc-analytics-promotion-creation-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS6.8AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/06 12:0 a.m.6 views

Why Software Signing (Still) Matters: Trust Boundaries in the Software Supply Chain

Software signing provides a formal mechanism for provenance by ensuring artifact integrity and verifying producer identity. It also imposes tooling and operational costs to implement in practice. In an era of centralized registries such as PyPI, npm, Maven Central, and Hugging Face, it is...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1882

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00485EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29227

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29229

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-43161

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00725EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-1763

Malicious code in bioql PyPI...

5.7CVSS5.7AI score0.00506EPSS
Exploits0References5
Fedora
Fedora
added 2025/10/01 2:45 p.m.7 views

[SECURITY] Fedora 42 Update: skopeo-1.20.0-3.fc42

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

6.5CVSS7.1AI score0.00489EPSS
Exploits1
OSV
OSV
added 2025/09/15 11:58 p.m.77 views

GHSA-FRH7-2F84-V9MW [email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
OSV
OSV
added 2025/09/15 11:58 p.m.3 views

GHSA-6JP5-HH4C-8C5H [email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/09/15 11:32 p.m.12 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/09/15 9:23 p.m.6 views

GHSA-286P-VC9P-P5QV [email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/15 8:32 p.m.1 views

CVE-2025-59145 [email protected] contains malware after npm account takeover

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...

8.8CVSS6.3AI score0.00473EPSS
Exploits0References5
NVD
NVD
added 2025/09/15 8:15 p.m.8 views

CVE-2025-59162

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS0.00378EPSS
Exploits0References5
CVE
CVE
added 2025/09/15 7:19 p.m.23 views

CVE-2025-59330

The CVE-2025-59330 entry concerns the npm package error-ex . A phishing-driven takeover of its publishing account led to version 1.3.3 containing a malware payload that attempts to redirect cryptocurrency transactions from browser environments (e.g., MetaMask) to attacker addresses. Local/server/...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/15 7:16 p.m.2 views

CVE-2025-59162 [email protected] contains malware after npm account takeover

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/15 7:10 p.m.2 views

CVE-2025-59143 [email protected] contains malware after npm account takeover

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
CVE
CVE
added 2025/09/15 7:10 p.m.26 views

CVE-2025-59143

Summary (CVE-2025-59143) : The issue affects the npm package color ([email protected]). An account takeover via phishing allowed an attacker to publish a malicious patch that inserts a payload in the browser context to redirect cryptocurrency transactions to attacker-owned addresses (e.g., wallets like...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/15 7:9 p.m.1 views

CVE-2025-59141 [email protected] contains malware after npm account takeover

simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
CVE
CVE
added 2025/09/15 7:9 p.m.22 views

CVE-2025-59141

CVE-2025-59141 concerns the Node.js package simple-swizzle. An account takeover via phishing led to a malicious 0.2.3 release that, when used in browser contexts (e.g., direct script tags or bundlers), attempts to redirect cryptocurrency transactions to attacker-controlled addresses. Local/server...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References5
Rows per page
Query Builder