
6 matches found

OSV
added 2025/11/24 10:25 p.m. · 3 views

MAL-2025-191155 Malicious code in wenk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 209b9df1ab21f1d5e193a2a9e68ece62122dc7979592c1f21599dd018aebfff7 The package wenk was found to contain malicious code. Source: ghsa-malware 440c248dbbb7a7c4fb5db4f70f71b5dd51ca4287f3d4e83c7caceeab7aee2dd8 Any...

AI score: 6.8
Exploits: 0 · References: 4

CVE
added 2025/08/08 12:6 a.m. · 75 views

CVE-2025-54887

CVE-2025-54887 affects the Ruby library jwe (Ruby implementation of RFC 7516) in versions 1.1.0 and earlier. The auth tag of encrypted JWEs can be brute-forced, enabling modification of JWEs to yield arbitrary plaintext and potentially revealing the GHASH key, which requires rotating keys after u...

CVSS: 9.1 · AI score: 6.5 · EPSS: 0.00231
Exploits: 1 · References: 2

OSV
added 2025/04/22 6:57 p.m. · 10 views

GHSA-33QR-M49Q-RXFX Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2

Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious...

CVSS: 9.3 · AI score: 7.2 · EPSS: 0.00818
Exploits: 2 · References: 6

OSV
added 2024/07/04 5:10 a.m. · 7 views

MAL-2024-7324 Malicious code in @zitterorg/placeat-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97e140c5d10bf92587d1e454856c6c3366a04c59862e78ec07694ece8216b221 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1

OSV
added 2024/02/14 5:33 a.m. · 11 views

MAL-2024-1001 Malicious code in blockledger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 596f3b83cb6e085aeab000858462b7f8ceb37be525f283a685882a9180b6abbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1

Positive Technologies
added 2023/03/01 12:0 a.m. · 3 views

PT-2023-22986 · Netflix · Netflix Lemur

Name of the Vulnerable Software and Affected Versions: Netflix Lemur versions prior to 1.3.2 Description: The issue is related to Netflix Lemur using insufficiently random values when generating default credentials. This may allow an attacker to guess the credentials and gain access to resources...

CVSS: 8.7 · AI score: 7.3 · EPSS: 0.00784
Exploits: 0 · References: 13