Lucene search
K

4 matches found

OSV
OSV
added 2026/04/03 7:10 p.m.3 views

MAL-2026-2465 Malicious code in strapi-plugin-health-check (npm)

strapi-plugin-health-check is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:10 p.m.5 views

MAL-2026-2459 Malicious code in strapi-plugin-debug-tools (npm)

strapi-plugin-debug-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:11 p.m.4 views

MAL-2026-2467 Malicious code in strapi-plugin-hooks (npm)

strapi-plugin-hooks is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. ...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:9 p.m.5 views

MAL-2026-2457 Malicious code in strapi-plugin-cron (npm)

strapi-plugin-cron is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
Rows per page
Query Builder