Lucene search
K

3201 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in eth-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f051957ac6f91e8567df873978b45c0c81a170f94decbd735d329f312ff1bb On require, index.js schedules a 37-second delayed routine that reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd....

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in metemask-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level init.py performs an outbound HTTP fetch to...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in solidity-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30501f6602a5b5b436ef5d6224ec332fa866c9e8b9da4d0de3bc69de868b1fff soliditydev/init.py contains a large base64-encoded Linux x8664 ELF binary in PAYLOADB64. On import soliditydev, the module decodes the blob, writes ...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in defi-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a2562ad49633ee8c845db08a485394cb31c7de12d9f87eb3f8ef0ab61fb5128 On first import, defitools/init.py decodes a base64-embedded 486KB Linux ELF, writes it to /.config/.npm-cache/snapd-network, sets mode 0777, and...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in py-base58 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4ef10f40dc13a645cebdee601417b590c92ab69039dbdf9962c36b36497949b py-base58 2.1.3 masquerades as a pure-Python base58 encoder but on first import of the top-level base58 package decodes a 640KB base64-embedded Linux...

6.1AI score
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-12103

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-12103 Wallet for WooCommerce <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration via terawallet_export_user_search AJAX Action

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43159

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
CVE
CVE
added 4 days ago12 views

CVE-2026-12103

CVE-2026-12103 affects the Wallet for WooCommerce WordPress plugin (

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
CVE
CVE
added 4 days ago13 views

CVE-2026-10628

The CVE concerns the WordPress plugin Points and Rewards for WooCommerce (affected: all versions up to 2.10.0). It describes an authorization bypass in which authenticated users with subscriber-level access and above can perform arbitrary modifications via multiple AJAX actions. Core implications...

4.3CVSS6.2AI score0.00349EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago29 views

Malicious code in jscrambler (npm)

Supply-chain compromise of the official jscrambler npm client, a legitimate JavaScript obfuscation tool with roughly 60K downloads per month. Version 8.14.0 was published from the legitimate publisher account jscrambler / [email protected], which points to an account or CI compromise rather tha...

6.1AI score
Exploits0References8
The Hacker News
The Hacker News
added 5 days ago10 views

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected] , came embedded wi...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 5 days ago13 views

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 3:6 a.m.9 views

Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/06 3:6 a.m.7 views

MAL-2026-6794 Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/30 3:40 p.m.23 views

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.20 views

Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/30 12:0 a.m.7 views

MAL-2026-6693 Malicious code in thirdwb (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...

6.1AI score
Exploits0References2
Rows per page
Query Builder