Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

88 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 5:38 p.m.8 views

Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/25 5:38 p.m.6 views

MAL-2026-4348 Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 12:3 p.m.8 views

Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References3
OSV
OSVadded 2026/05/25 12:3 p.m.7 views

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 12:2 p.m.9 views

Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/25 12:2 p.m.5 views

MAL-2026-4349 Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/25 12:0 p.m.9 views

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/20 4:4 a.m.2 views

MAL-2026-4502 Malicious code in bucket-protocol-sdk-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4 bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...

5.9AI score
Exploits0References7
OSV
OSVadded 2026/05/12 12:3 a.m.1 views

MAL-2026-3488 Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 12:3 a.m.4 views

Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
vulnersOsv
vulnersOsvadded 2026/05/12 12:3 a.m.5 views

@tanstack/react-start (>=1.142.11 <=1.161.3), @tanstack/react-start-client (>=1.142.11 <=1.161.3) +11 more potentially affected by unknown CVE via @tanstack/start-fn-stubs (>=1.142.9 <=1.154.7)

@tanstack/start-fn-stubs NPM version =1.142.9, =1.142.11, =1.142.11, =1.142.11, =1.142.11, =1.142.9, =1.142.11, =1.142.9, =1.142.11, =1.142.11, =1.142.10, =1.142.11, =1.142.9, =1.142.11, =1.161.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3488...

5.8AI score
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/11 9:0 p.m.4 views

@tanstack/react-start (>=1.142.11 <=1.161.3), @tanstack/react-start-client (>=1.142.11 <=1.161.3) +11 more potentially affected by CVE-2026-45321 via @tanstack/start-fn-stubs (>=1.142.9 <=1.154.7)

@tanstack/start-fn-stubs NPM version =1.142.9, =1.142.11, =1.142.11, =1.142.11, =1.142.11, =1.142.9, =1.142.11, =1.142.9, =1.142.11, =1.142.11, =1.142.10, =1.142.11, =1.142.9, =1.142.11, =1.161.3 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSTARTFNSTUBS-16640239...

9.6CVSS7.4AI score0.17051EPSS
Exploits3
vulnersOsv
vulnersOsvadded 2026/05/11 4:17 p.m.5 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...

5.3CVSS5.8AI score0.00013EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/11 4:17 p.m.6 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: OSV:PYSEC-2026-147...

4.3CVSS5.8AI score0.0003EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/08 8:23 p.m.7 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: OSV:GHSA-67RV-MG8Q-5PF3...

6.5CVSS5.8AI score0.00027EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/08 8:21 p.m.5 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:GHSA-P5GM-92H4-6PV6...

5.3CVSS5.8AI score0.00013EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/08 8:20 p.m.5 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

6.5CVSS5.8AI score0.00031EPSS
Exploits0
GithubExploit
GithubExploitadded 2026/04/07 11:37 a.m.68 views

public_disclosures

Public vulnerability disclosures Contains some of my vulnerab...

5.8AI score
Exploits0
vulnersOsv
vulnersOsvadded 2026/03/27 8:35 p.m.3 views

homeassistant-stubs (>=2025.2.0 <=2025.9.4), pytest-homeassistant-custom-component (>=0.13.206 <=0.13.281) +1 more potentially affected by CVE-2026-33045 via homeassistant (>=2025.2.0 <=2025.9.4)

homeassistant PYPI version =2025.2.0, =2025.2.0, =0.13.206, =0.108.0, =0.108.1 Source cves: CVE-2026-33045 Source advisory: OSV:GHSA-46J8-VPX8-6P72...

8.8CVSS5.8AI score0.00012EPSS
Exploits1
OSV
OSVadded 2026/03/12 2:50 p.m.1 views

GHSA-X442-M7CC-HR92 kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy

Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...

6.9CVSS6AI score
Exploits0References2
Rows per page
Query Builder