Lucene search
+L

250 matches found

osv
osv
added 2026/07/09 12:0 a.m.2 views

MAL-2026-10074 Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References3
ossf
ossf
added 2026/07/09 12:0 a.m.8 views

Malicious code in testudo-pack (npm)

The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...

6.2AI score
Exploits0References3
osv
osv
added 2026/07/09 12:0 a.m.2 views

MAL-2026-10075 Malicious code in testudo-pack (npm)

The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...

6.2AI score
Exploits0References3
packetstorm
packetstorm
added 2025/12/04 12:0 a.m.211 views

📄 Discord Language Sloth Bot Directory Traversal Scanner / Payload Generator

The Language Sloth Discord bot contains a critical directory traversal vulnerability allowing attackers to read arbitrary files on the server hosting the bot through improperly sanitized user input in file path operations. This is an automated scanner with payload generation...

7.5CVSS6.7AI score0.01479EPSS
Exploits4
ossf
ossf
added 2025/11/12 3:4 a.m.4 views

Malicious code in local-aqua-sloth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78d45c913bbc73a37fd3cba872c5b0b747074cd3806fb01b2ea687136384857c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/12 3:4 a.m.2 views

EUVD-2025-117260

Malicious code in local-aqua-sloth npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/12 3:4 a.m.2 views

EUVD-2025-117284

Malicious code in juicy-aquamarine-sloth npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 8:46 p.m.3 views

EUVD-2025-100076

Malicious code in detailedslothz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 8:46 p.m.4 views

EUVD-2025-104078

Malicious code in livingslothz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 8:46 p.m.6 views

Malicious code in horrible_sloth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83868d2e596126ede29aac8bcab553d135ed9d90666d1b457bff77e88dd296ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
ossf
ossf
added 2025/11/11 8:46 p.m.4 views

Malicious code in concerned_sloth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 417da7a6b09ddedfe30ad9fed31cc93beaa2a290c8f66ee1f39c53a43814054f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/11 8:11 p.m.3 views

EUVD-2025-95789

Malicious code in physicalslothz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 8:11 p.m.1 views

EUVD-2025-106043

Malicious code in colouredslothz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 8:11 p.m.6 views

Malicious code in condemned_sloth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c37a00283ae5aeb8e74f56d33f3bd3b8309ee246dec5c996cc0f08a0e9426f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/11 3:19 p.m.2 views

EUVD-2025-89416

Malicious code in properslothz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 3:19 p.m.2 views

Malicious code in proper_sloth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 010f2a1af8f6eb7acfc43ec1852e8f27c62eadaa46963b0901e99e1746440bdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/11 7:47 a.m.3 views

EUVD-2025-74097

Malicious code in vividslothorange-15 npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 7:47 a.m.3 views

EUVD-2025-74076

Malicious code in worldwideslothorange-96 npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 7:44 a.m.3 views

EUVD-2025-75750

Malicious code in saltysloth-silentdev npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 7:44 a.m.4 views

Malicious code in additional_sloth-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3abbed89ecd3b20eb1115acc58bce0ec3353226f1d0d9f3f8acae7ebc93715f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder