Lucene search
K

485 matches found

OSV
OSV
added 2026/03/16 12:0 a.m.3 views

MAL-2026-1574 Malicious code in transform-spread (npm)

The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/02/27 10:6 a.m.9 views

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan RAT. "A malicious downloader staged a portable Java runtime and executed a malicious Java archive JAR file named...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 5:59 p.m.15 views

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...

10CVSS7.2AI score0.99562EPSS
Exploits374
NVD
NVD
added 2026/02/20 11:16 p.m.11 views

CVE-2026-27121

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5.4CVSS0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:27 p.m.5 views

CVE-2026-27121

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.2AI score0.00189EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 10:27 p.m.4 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.1AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 10:27 p.m.26 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 10:27 p.m.19 views

CVE-2026-27121

Technical details for CVE-2026-27121 are not publicly available in the provided documents. Monitor for updates.

5.4CVSS5.2AI score0.00189EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/20 10:27 p.m.5 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.3AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/19 3:18 p.m.2 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript in the context of...

5.5CVSS5.6AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 3:18 p.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript i...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.7 views

Svelte affected by cross-site scripting via spread attributes in Svelte SSR

Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external...

5.4CVSS5.2AI score0.00189EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/19 3:18 p.m.3 views

GHSA-F7GR-6P89-R883 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external...

5CVSS5.2AI score0.00189EPSS
Exploits0References3
Trellix
Trellix
added 2026/02/17 12:0 a.m.9 views

Technical Deep Dive: The Monero Mining Campaign

Technical Deep Dive: The Monero Mining Campaign By Aswath A · February 17, 2026 Executive summary In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. This report...

7.8CVSS8.2AI score0.00605EPSS
Exploits1
Wired Threat Level
Wired Threat Level
added 2026/01/03 10:0 a.m.6 views

How to Protect Your iPhone or Android Device From Spyware

Being targeted by sophisticated spyware is relatively rare, but experts say that everyone needs to stay vigilant as this dangerous malware continues to proliferate worldwide...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2025/12/01 5:52 p.m.4 views

Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact

A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/25 12:16 a.m.5 views

MAL-2025-191252 Malicious code in @oku-ui/checkbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b761a46dff9ea0ec6705cfe75221ceb7a3adeac0b4a2954618b3b069db3824 The package @oku-ui/checkbox was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.8 views

Malicious code in @voiceflow/prettier-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d559f73440d8fdf3f6f155244ce54b5d8d829700d5780778a26f0ac94fb5b59e The package @voiceflow/prettier-config was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.6 views

Malicious code in @voiceflow/nestjs-rate-limit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a0dac1431983489842c368c5db298d65dc30278340ee47cf01c5fb3fc2f178b The package @voiceflow/nestjs-rate-limit was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.9 views

Malicious code in @oku-ui/dismissable-layer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e3f3fce07b25fef3b52f9f9cccfdaa44fd55e8721c6d7c287e1fbd9379359f0 The package @oku-ui/dismissable-layer was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
Rows per page
Query Builder