Lucene search
K

94739 matches found

The Hacker News
The Hacker News
added 15 minutes ago2 views

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse aka Nightmare-Eclipse has released a new proof-of-concept PoC exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as...

9.8CVSS6.7AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago6 views

vulnerable-web-app

vulnerable-web-app ⚠️ Intentionally vulnerable. A runna...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago6 views

Exploit for Improper Authentication in Google Android

BT-HID-PoC — CVE-2023-45866 Interactive Wizard DISCLAIMER...

6.3CVSS6.8AI score0.07879EPSS
Exploits9
The Hacker News
The Hacker News
added 2 hours ago4 views

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/[email protected]...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 3 hours ago9 views

Exploit for Deserialization of Untrusted Data in Metabase

CVE-2026-59827 — Unsafe Deserialization of H2 Query Results in...

9.9CVSS6.8AI score0.00457EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago5 views

Malicious code in chain-as-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f8946bf37a9861239e59a78f2d003612494061d5aa60c5f7e54379e72f0ac7 chain-as-log advertises itself as a chai plugin providing deep-equal-excluding assertion helpers. At plugin load time when a consumer calls...

6.1AI score
Exploits0References1
OSV
OSV
added 3 hours ago0 views

MAL-2026-10668 Malicious code in chain-as-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f8946bf37a9861239e59a78f2d003612494061d5aa60c5f7e54379e72f0ac7 chain-as-log advertises itself as a chai plugin providing deep-equal-excluding assertion helpers. At plugin load time when a consumer calls...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in eslintcmd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf4500fbbfc85f42275772210ace6efb69c5f90d9d0a5edd7c0c75fa271f0c3 The package's postinstall script scripts/install-check.cjs fetches a JSON config from https://slimopump.vercel.app/config/clob-math.json, downloads...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 hours ago2 views

Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added 6 hours ago2 views

MAL-2026-10659 Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 hours ago2 views

Malicious code in @debile/require-dir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3075732c05c8b941b57fed9e8fe9c788b28f9ff6fe9ef91936d1802f568c594e Package @debile/require-dir republishes the code of the well-known require-dir package under a different scope. Its package.json preinstall script ru...

6.1AI score
Exploits0References2
OSV
OSV
added 6 hours ago2 views

MAL-2026-10654 Malicious code in @debile/require-dir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3075732c05c8b941b57fed9e8fe9c788b28f9ff6fe9ef91936d1802f568c594e Package @debile/require-dir republishes the code of the well-known require-dir package under a different scope. Its package.json preinstall script ru...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago7 views

Malicious code in core-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad83962ee4db02c1bf43558ed5fe6bf79f66754b070415223d29643a8ff754e core-dotenv presents itself as a dotenv/env-var wrapper. On calling the package's config or get, which lazily invokes config, a worker plugin.worker....

6.1AI score
Exploits0References1
OSV
OSV
added 7 hours ago2 views

MAL-2026-10631 Malicious code in core-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad83962ee4db02c1bf43558ed5fe6bf79f66754b070415223d29643a8ff754e core-dotenv presents itself as a dotenv/env-var wrapper. On calling the package's config or get, which lazily invokes config, a worker plugin.worker....

6.1AI score
Exploits0References1
OSV
OSV
added 7 hours ago2 views

MAL-2026-10639 Malicious code in ogensec-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4acb9448e8289c41cb35a883074545d2a790b719104b2f7c9a99bfca3e3f64ff The package ships an Express middleware that, on each incoming request, POSTs appId, endpoint to a configured $baseUrl and interprets the response as...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago5 views

Malicious code in ogensec-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4acb9448e8289c41cb35a883074545d2a790b719104b2f7c9a99bfca3e3f64ff The package ships an Express middleware that, on each incoming request, POSTs appId, endpoint to a configured $baseUrl and interprets the response as...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 9 hours ago3 views

Malicious code in chai-as-byte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6820ba756fd8d2eb81435c478feb269e34f2aea859e42b42861d0a28f914a1f On require of the package's main entry, index.js detaches a child process that runs lib/initializeCaller.js. That script posts the caller's entire...

6.5AI score
Exploits0References2
OSV
OSV
added 9 hours ago2 views

MAL-2026-10630 Malicious code in chai-as-byte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6820ba756fd8d2eb81435c478feb269e34f2aea859e42b42861d0a28f914a1f On require of the package's main entry, index.js detaches a child process that runs lib/initializeCaller.js. That script posts the caller's entire...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 10 hours ago3 views

Malicious code in @sqlite-frame/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b24506932cbd3f2258f2448b83918ba2acee09cd896467780f8b1dc18b9eb42 index.js is a near-verbatim copy of the upstream feross/buffer library with a single injected top-level statement var ins =...

6.2AI score
Exploits0References2
OSV
OSV
added 10 hours ago2 views

MAL-2026-10627 Malicious code in @sqlite-frame/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b24506932cbd3f2258f2448b83918ba2acee09cd896467780f8b1dc18b9eb42 index.js is a near-verbatim copy of the upstream feross/buffer library with a single injected top-level statement var ins =...

6.2AI score
Exploits0References2
Rows per page
Query Builder