Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 11 hours ago5 views

MAL-2026-5726 Malicious code in ecto_module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e66c690abd94ee498cd359eb076451c0f6ea3956d8221616bbf8990d35a38c5 On npm install, the package's preinstall hook node index.js reads /flag.txt falling back to execSync'cat /flag' and transmits the captured contents i...

5.6AI score
Exploits0References1
Snyk
Snykadded 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview tiupd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snykadded 2024/10/02 12:28 p.m.1 views

Malicious Package

Overview redis-examples is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
Snyk
Snykadded 2024/10/02 12:28 p.m.1 views

Malicious Package

Overview language-rego is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
Snyk
Snykadded 2024/10/02 12:28 p.m.2 views

Malicious Package

Overview braintree.github.io is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between...

9.8CVSS7AI score
Exploits0References2
Snyk
Snykadded 2024/10/02 12:28 p.m.2 views

Malicious Package

Overview sp-api-app-cdk is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
Snyk
Snykadded 2024/10/02 12:28 p.m.3 views

Malicious Package

Overview videojs-sneakpeek is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between tha...

9.8CVSS7AI score
Exploits0References2
Rows per page
Query Builder