Lucene search
+L

7 matches found

attackerkb
attackerkb
added 2026/07/01 11:28 a.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/07/01 11:28 a.m.3 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS6AI score0.0019EPSS
Exploits1References4
osv
osv
added 2026/06/16 7:27 p.m.8 views

MAL-2026-5918 Malicious code in nottuff7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 2026/05/20 8:9 p.m.12 views

Malicious code in @link-assistant/hive-mind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...

5.9AI score
Exploits0References6
thn
thn
added 2025/10/10 10:45 a.m.6 views

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread...

7AI score
Exploits0
osv
osv
added 2022/06/20 8:21 p.m.7 views

MAL-2022-696 Malicious code in @unpkg-semver/pedops-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7b5459fd755d4527552fb55fb90015ab04eee1a1afd2678656b04c0ea32ec19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2022/06/20 8:21 p.m.12 views

MAL-2022-697 Malicious code in @unpkg-semver/wix-recorder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 910f14b4935796b6ad35693ca2a4f0c5d3c04eefe4ebd6da1e7b75cfc03fb1fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder