Lucene search
+L

269 matches found

ossf
ossf
added 2026/05/28 1:39 p.m.15 views

Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
osv
osv
added 2026/05/23 12:0 a.m.12 views

MAL-2026-4283 Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References3
redhatcve
redhatcve
added 2026/05/19 7:57 p.m.11 views

CVE-2026-8803

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

6.3CVSS5.3AI score0.00182EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.19 views

PT-2026-41671

Name of the Vulnerable Software and Affected Versions opensourcepos Open Source Point of Sale versions prior to 3.4.3 Description A flaw in the Employee Login component allows for the use of a weak hash. The issue is located in the Login function within the app/Models/Employee.php file. This...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References7
osv
osv
added 2026/05/15 11:24 a.m.7 views

MAL-2026-3795 Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
osv
osv
added 2026/05/15 11:24 a.m.7 views

MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/04/20 1:39 p.m.10 views

Malicious code in tailwind-text-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
osv
osv
added 2026/04/20 1:39 p.m.11 views

MAL-2026-2950 Malicious code in tailwind-text-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
osv
osv
added 2026/04/20 6:32 a.m.6 views

MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
osv
osv
added 2026/04/14 11:47 a.m.6 views

MAL-2026-2650 Malicious code in one-sdui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae9d1e61120df70064f163b6e30ced15f3ec724fb27cbc92b9ac1b8d1cd4c02 The package one-sdui was found to contain malicious code. Source: ghsa-malware 3e8ccc46dbdf8114e190c849d6db29184468de377c64467c88e3e33398d54018 Any...

5.7AI score
Exploits0References1
ossf
ossf
added 2026/03/27 3:7 a.m.8 views

Malicious code in testtestsharp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...

5.8AI score
Exploits0References1
packetstormnews
packetstormnews
added 2026/03/27 12:0 a.m.26 views

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

6.1AI score
Exploits0
osv
osv
added 2026/03/24 9:49 a.m.7 views

MAL-2026-2125 Malicious code in customerdigital-ui-components-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/03/23 1:47 p.m.9 views

Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
osv
osv
added 2026/03/23 1:47 p.m.11 views

MAL-2026-2101 Malicious code in sidebar-basket (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/03/23 1:47 p.m.9 views

Malicious code in netflixid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 959c71962643ba913ba0ec6bc9e5eb59a0b0546194ef23c12bbd7ba4996c60f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
osv
osv
added 2026/03/22 6:23 p.m.4 views

MAL-2026-2059 Malicious code in @emilgroup/setting-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7001495cf0c7d9cbe60f2b406b90b4fc34d7a8fc8477c45780cefddf26e28b The package @emilgroup/setting-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
ossf
ossf
added 2026/03/22 6:3 p.m.8 views

Malicious code in @emilgroup/claim-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86e7c53acc9840bac58a8ff7aca0a0d40a03ab2a8ac73dd55d0314373528800 The package @emilgroup/claim-sdk was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
ossf
ossf
added 2026/03/16 12:0 a.m.9 views

Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.5AI score
Exploits0References3
ossf
ossf
added 2026/03/12 2:18 a.m.8 views

Malicious code in libsignal-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...

5.7AI score
Exploits0References1
Rows per page
Query Builder