CVE-2026-33467

Elastic Package Registry is affected by CVE-2026-33467 due to improper verification of cryptographic signatures (CWE-347), enabling package integrity bypass for self-hosted deployments that sync from upstream. Affected versions: all up to and including 1.37.0. The issue can be exploited if an att...

Malicious Package

Overview pulse-rsvp-card-entity is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious Package

Overview @yaoii-bails/libsignal-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @coinmetro/app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

cosign 信任管理问题漏洞

Cosign is a container signature, verification, and storage mechanism in the OCI registry of the United States. Versions of Cosign prior to 3.0.4 contained a trust management vulnerability. This vulnerability stemmed from issues with the certificate verification logic, potentially causing the...

Malicious Package

Overview @peterwilson12091/internal-json-test-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

EUVD-2025-68575

Malicious code in patria-empal37-ruro npm...

EUVD-2025-87179

Malicious code in andi-martabak99-miaww npm...

EUVD-2002-0064

Malware in sbrugna...

EUVD-2005-4584

Malware in sbrugna...

EUVD-2022-4077

Malicious code in bioql PyPI...

EUVD-2023-1916

Malicious code in bioql PyPI...

Malicious Package

Overview vite-jsconfig is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in lemputes (npm)

The package lemputes was found to contain malicious code...

CVE-2018-0898

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2020-9482

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

Oracle VirtualBox Security Update (Apr 2025) - Windows

Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...

Windows Registry Security Descriptor Utility

Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: securityinfo: sd: In WRITE mode, the FILE option can be used to specify the information needed ...

CVE-2023-28293

creationtimestamp| type| source ---|---|--- 2024-04-18 16:45:00+00:00| seen| https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html 2025-01-15 00:14:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1653 2025-05-23 05:00:00+00:00| seen|...

CVE-2023-36403

creationtimestamp| type| source ---|---|--- 2024-04-18 16:45:00+00:00| seen| https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html...