7921 matches found

OSV
added 2026/03/24 10:21 p.m., 7 views

MAL-2026-2146 Malicious code in databricks-clean-room-orchestrator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/24 10:21 p.m., 9 views

Malicious code in databricks-clean-room-orchestrator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0, References: 1

OSV
added 2026/03/24 10:21 p.m., 8 views

MAL-2026-2145 Malicious code in compose-rl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0, References: 1

OSV
added 2026/03/24 10:20 p.m., 6 views

MAL-2026-2152 Malicious code in target-iceberg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95793a2b88fbc5bdaa5d42387e7472b796fe34c61959909a928f534137c101d9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0, References: 1

EUVD
added 2026/03/24 5:53 p.m., 4 views

EUVD-2026-14601

Trivy ecosystem supply chain was briefly compromised...

CVSS: 9.4, AI score: 6, EPSS: 0.60368
Exploits: 2, References: 3

OSV
added 2026/03/24 5:53 p.m., 2 views

GHSA-69FQ-XP46-6X23 Trivy ecosystem supply chain was briefly compromised

Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...

CVSS: 9.4, AI score: 6.2, EPSS: 0.60368
Exploits: 2, References: 16

OSSF Malicious Packages
added 2026/03/24 2:2 p.m., 5 views

Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

AI score: 5.8
Exploits: 0

OSV
added 2026/03/24 2:2 p.m., 8 views

MAL-2026-2201 Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

AI score: 5.8
Exploits: 0

NVD
added 2026/03/23 10:16 p.m., 4 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, EPSS: 0.60368
Exploits: 2, References: 14

OSV
added 2026/03/23 9:47 p.m., 5 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, AI score: 6.2, EPSS: 0.60368
Exploits: 2, References: 16

Cvelist
added 2026/03/23 9:47 p.m., 40 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, EPSS: 0.60368
Exploits: 2, References: 10

Vulnrichment
added 2026/03/23 9:47 p.m., 1 view

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, AI score: 5.9, EPSS: 0.60368
Exploits: 2, References: 10

ATTACKERKB
added 2026/03/23 9:47 p.m., 3 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, AI score: 5.9, EPSS: 0.60368
In wild, Exploits: 2, References: 11, Affected Software: 5

CVE
added 2026/03/23 9:47 p.m., 43 views

CVE-2026-33634

CVE-2026-33634 is tied to a supply-chain compromise involving Aqua Security Trivy. Concrete details show: (1) affected items include Trivy binary/image v0.69.4, and GitHub Actions components aquasecurity/trivy-action (versions 0.0.1–0.34.2, 76/77 forced-pushed) and aquasecurity/setup-trivy (0.2.0...

CVSS: 9.4, AI score: 5.9, EPSS: 0.60368
In wild, Exploits: 2, References: 14, Affected Software: 3

CNNVD
added 2026/03/23 12:0 a.m., 11 views

Aqua Security Multiple Products Security Vulnerability

Aqua Security Trivy and Trivy Action are both products of Aqua Security. Trivy is a comprehensive and multifunctional security scanner. Trivy Action is a container vulnerability scanning software. Several products from Aqua Security have security vulnerabilities, which stem from supply chain...

CVSS: 9.4, AI score: 6.3, EPSS: 0.60368
Exploits: 2, References: 3

VulnCheck KEV
added 2026/03/23 12:0 a.m., 18 views

VulnCheck KEV: CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS: 9.4, AI score: 5.9, EPSS: 0.60368
In wild, Exploits: 2, References: 5

Positive Technologies
added 2026/03/23 12:0 a.m., 5 views

PT-2026-27246

Name of the Vulnerable Software and Affected Versions aquasecurity/trivy version 0.69.4 aquasecurity/trivy versions 0.69.5 through 0.69.6 aquasecurity/trivy-action versions 0.0.1 through 0.34.2 aquasecurity/setup-trivy versions 0.2.0 through 0.2.6 Description A supply chain attack occurred where ...

CVSS: 9.4, AI score: 6.2, EPSS: 0.60368
Exploits: 2, References: 114

OSV
added 2026/03/22 4:56 p.m., 14 views

MAL-2026-2028 Malicious code in pipinpeace-bind (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e78be1bf65bda1455a5f08dafdf69aef528e4fb206333e1ecb6c6a97fe8adbc2 Package is designed to start a bind shell during installation. However, it requires providing the port as an installation parameter, which suggests it's more...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/22 4:50 p.m., 9 views

Malicious code in pipinpeace-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...

AI score: 6
Exploits: 0, References: 1

OSV
added 2026/03/22 4:50 p.m., 12 views

MAL-2026-2029 Malicious code in pipinpeace-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...

AI score: 6
Exploits: 0, References: 1