Lucene search
K

40 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 9:51 a.m.10 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5244 Malicious code in discord-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1588cbceb5959b1a1b9e22d2b54d3d67e6bac9c8be4538df23f809772e4a9850 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/05/21 5:52 a.m.20 views

MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...

5.5AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2023-60559

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/29 8:41 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...

9.8CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-42872

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

6.1CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:13 a.m.18 views

CVE-2025-42872

CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...

6.1CVSS5.5AI score0.00221EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.6 views

Malicious code in quickswap-ads-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a51e9188f2b9786cc34efba72bae1dbcf1b659db890a4b5d133a8b94ea60c13 The package quickswap-ads-list was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.8 views

Malicious code in @voiceflow/secrets-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 527df6a20822831f2bc2435e1db61fcc192d163d6a81240078e8e93066dc1235 The package @voiceflow/secrets-provider was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References10
OSV
OSV
added 2025/11/25 12:16 a.m.2 views

MAL-2025-191265 Malicious code in @oku-ui/presence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccfe3cd227dfd52c2a7bb6d2c15fc511a5d1baab2eb3378960905005e421b9a The package @oku-ui/presence was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSV
OSV
added 2025/11/24 11:48 p.m.4 views

MAL-2025-191236 Malicious code in @ifings/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a2d458b22985eaf37f768018a4359ed4e32182c1c21f0f204e440b8f37772f The package @ifings/design-system was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSV
OSV
added 2025/11/24 11:42 p.m.7 views

MAL-2025-191224 Malicious code in @fishingbooker/react-swiper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f57ab28c32fa764c92d001b6c970f064bf1c5544959b2c677d8ce8f26d3bd5 The package @fishingbooker/react-swiper was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References10
Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder