CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 4 days ago•6 views

Malicious code in @klapp-sca/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 495f510483f297a56d545e8555db20eb54569f904bfd71853e54a18d89812cb0 package.json declares "preinstall": "node index.js || true", so on every npm install the bundled index.js runs automatically and collects os.hostname...

5.5AI score

OSV•added 4 days ago•4 views

MAL-2026-5414 Malicious code in @klapp-login-platform/oidc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...

5.5AI score

OSV•added 2026/05/19 6:45 p.m.•3 views

MAL-2026-4655 Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

5.8AI score

GithubExploit•added 2025/08/25 3:7 a.m.•184 views

Exploit for Unprotected Alternate Channel in Crushftp

CVE-2025-54309 A CrushFTP Authentication Bypass Proof of Conce...

9.8CVSS7.2AI score0.768EPSS

Exploits7

OSV•added 2025/06/07 4:33 p.m.•5 views

MAL-2025-191884 Malicious code in tableausdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

7AI score

OSV•added 2025/03/24 5:43 p.m.•3 views

MAL-2025-191836 Malicious code in pyrovider (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55 On importing the module, package exfiltrates basic data like username. It's obfuscated with a lot of meaningless text and has no other purpose --- Category:...

OSSF Malicious Packages•added 2024/11/06 6:46 p.m.•3 views

Malicious code in byte-flux-3822a6dd00d6414daba3ae0de3930a5a (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cec00e10a19e19684fc4887fa09aa1025aafc00f1121baacdf55f0c3b2ba9aec A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/06 6:46 p.m.•3 views

Malicious code in byted-flux (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a8424c4934716d4a7390731613807c89bca1d0f11a56e3062dacef247d859e80 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/06 6:46 p.m.•4 views

Malicious code in bytedsp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 66e4cc5b96bf24d76cba76d3ffd653ae5eddc1926ddd0406c372d62a62cc7052 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/06 6:46 p.m.•5 views

Malicious code in byteff (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a56aa5a63bf5b3ed081b62351f3aedb42fd6c2e834ab240922247add79aee664 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/06 7:57 a.m.•4 views

Malicious code in bytekafka0-0-15 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0f3f2cbd161379b1f474af51611780606cf694273c13d7f0db7bb3869f03de02 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/05 9:1 a.m.•3 views

Malicious code in bytesip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e2991197ed35fecd1cd6b875cde845773ed34ed5c51f1392f237ad8c9d6cb37e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSSF Malicious Packages•added 2024/11/05 8:15 a.m.•3 views

Malicious code in bytekafka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32c6550914bf83f03b46acf778161efaee327dd537aa2ce0b6fbc53584c854f4 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

OSV•added 2024/08/22 10:25 p.m.•2 views

MAL-2024-12366 Malicious code in ttat-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 171a49cab7c7b9f2c358c0e14882706dcd80cde089799698400155ee26240e80 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.8AI score

OSSF Malicious Packages•added 2024/07/21 5:46 p.m.•4 views

Malicious code in hexteamibm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39a6455fe7cac6fa055a3c30ea55393ca098996f1497564f4aefb6f907805a --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, researc...