Lucene search
K

30 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 4:0 p.m.6 views

Malicious code in stormbreaker-shade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c845d690b6091601683bf61bdd858e5579c2fd4d33b770806b1bb113e9533f1 The package stormbreaker-shade was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 4:0 p.m.6 views

MAL-2026-2392 Malicious code in stormbreaker-shade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c845d690b6091601683bf61bdd858e5579c2fd4d33b770806b1bb113e9533f1 The package stormbreaker-shade was found to contain malicious code...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/17 12:0 a.m.38 views

SHADE-Arena: Evaluating Sabotage and Monitoring in LLM Agents

As Large Language Models LLMs are increasingly deployed as autonomous agents in complex and long horizon settings, it is critical to evaluate their ability to sabotage users by pursuing hidden objectives. We study the ability of frontier LLMs to evade monitoring and achieve harmful hidden goals...

7.1AI score
Exploits0
OSV
OSV
added 2024/11/11 9:29 a.m.46 views

SUSE-RU-2024:3971-1 Recommended update for mojo-parent

This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...

7.5CVSS8.4AI score0.17673EPSS
Exploits2References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:31 p.m.2 views

Malicious code in Shade.WPF.Controls (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.23 views

Fedora: Security Advisory for maven-shade-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02557EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.22 views

[SECURITY] Fedora 40 Update: maven-shade-plugin-3.5.1-4.fc40

This plugin provides the capability to package the artifact in an uber-jar, including its dependencies and to shade - i.e. rename - the packages of some of the dependencies. %javadocpackage...

8.8CVSS6.8AI score0.02557EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2024/01/31 9:30 a.m.5 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...

5.5CVSS6AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/01/31 9:30 a.m.4 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=4.0.1 <=4.0.4), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (>=4.0.0 <=4.0.4) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=4.0.0 <=4.0.4)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.0.0, =4.0.1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.4 Source cves: CVE-2024-22236 Source advisory: OSV:GHSA-P6RP-MX85-M459...

5.5CVSS6AI score0.00223EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.6 views

PT-2024-19288 · Google +1 · Guava +1

Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...

5.5CVSS5.2AI score0.00223EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.4 views

SUSE CVE-2020-21683

A global buffer overflow in the shadeortintnameafterdeclarecolor in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...

7.5CVSS7.2AI score0.00782EPSS
Exploits1References10
OSV
OSV
added 2022/12/13 4:15 p.m.4 views

CVE-2022-20466

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

5.5CVSS5.9AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.4 views

CVE-2022-20466

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

5.5AI score0.00104EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.5 views

The vulnerability of the `shade_or_tint_name_after_declare_color` function in the `genpstricks.c` component, a utility for converting .fig files with the .fig2dev extension, allows a malicious actor to cause a service failure.

The vulnerability of the shadeortintnameafterdeclarecolor function in the genpstricks.c component, a utility for converting .fig files in the Fig2dev format, involves copying buffers without checking input data. Exploiting this vulnerability allows an attacker to cause service failure by converti...

7.1CVSS6.5AI score0.00782EPSS
Exploits1References5Affected Software2
ThreatPost
ThreatPost
added 2020/04/30 12:17 p.m.45 views

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...

7.4AI score
Exploits0References15
Malwarebytes
Malwarebytes
added 2020/04/28 5:8 p.m.33 views

Threat actors release Troldesh decryption keys

Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...

7AI score
Exploits0
OSV
OSV
added 2020/04/07 2:15 p.m.2 views

CVE-2016-11027

An issue was discovered on Samsung mobile devices with M6.0 software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 December 2016...

2.4CVSS5.8AI score0.00139EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2019/09/27 7:22 a.m.203 views

Threat Roundup for September 20 to September 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/13 2:6 p.m.353 views

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

10CVSS10AI score0.99999EPSS
Exploits123
ThreatPost
ThreatPost
added 2019/05/23 8:24 p.m.103 views

Shade Ransomware Expands to U.S. Targets

Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...

0.9AI score
Exploits0References6
Rows per page
Query Builder