Lucene search
K

1130 matches found

OSV
OSV
added 9 hours ago2 views

MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
Nuclei
Nuclei
added 11 hours ago104 views

Jeecg-boot 3.5.0 qurestSql - SQL Injection

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. id: CVE-2023-1454 info: name: Jeecg-boot 3.5...

9.8CVSS6.5AI score0.35825EPSS
Exploits3References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in install-skia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday39 views

PaperCut NG - Authentication Bypass

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2CVSS7.1AI score0.77388EPSS
Exploits2References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in nottuff1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5133eecd8c40ac8e4617b364ea9710a03f88e60f8e2d1252a8ee539282da29e1 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/29 5:15 a.m.19 views

CVE-2026-13538

The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References10
OSV
OSV
added 2026/06/23 3:38 p.m.10 views

MAL-2026-6336 Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:5 p.m.9 views

Malicious code in local-ip-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5741cea5f57c51246c2944fda4ecf601f191b482e5c6effa22b640f8701a00e8 index.js imports childprocess and calls execSync with bash and zsh lines 301 and 317. Without further context, it is unclear whether these invocation...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:28 a.m.10 views

Malicious code in ts-ecro-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86149b041033a917b3b743b9381a14368e79015385b27b89429cf7f6a35d0d30 No suspicious behaviors were identified in this package version. There are no lifecycle hook hazards, no outbound network calls to attacker-controlle...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 3:18 p.m.13 views

Malicious code in parket-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31d62a38af75a45a91e590e0cffe4f58e900fe726b4323af1e481118d146277c index.js imports childprocess and invokes execSync with bash and zsh shells lines 315 and 331. Without traced reachability, it is not established...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:50 a.m.11 views

Malicious code in @mastra/voice-playai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 095ae6a310d12472e2f23394b600c1465acb4921d1ae78a38893ff567518437f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.10 views

Malicious code in @mastra/voice-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7a69b358b2f5ed11287ca744502237a1b6971aac05d462222656a70b5864b3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 5:7 a.m.6 views

MAL-2026-6048 Malicious code in @mastra/voice-openai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 636dbce2606cf797f51ebd7c7e76ee2154a1e00e61b734cef90f19ca02ad397c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:29 a.m.18 views

Malicious code in tailwind-typography-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:45 p.m.15 views

Malicious code in prettier_v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae1d77d25db3af85295c48a446f6c0f2f65252ea2483c45ce81df12c75b1fcb Package name 'prettierv1' closely resembles the widely-used 'prettier' formatter package, a classic typosquat naming pattern. The file lib/mirror.js...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5671 Malicious code in sitecore-mm-component-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e025725001efb60959449e734f39db775cc54e77abb0c97364f7929cf54a8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 9:35 a.m.13 views

MAL-2026-5626 Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:10 p.m.14 views

Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348 Package name 'enquriers' closely resembles the widely-used 'enquirer' package transposed/added characters, suggesting potential name-confusion risk. ...

6.3AI score
Exploits0References3
Rows per page
Query Builder