CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/15 9:52 p.m.•4 views

MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)

6.6AI score

OSV•added 2026/06/15 5:23 p.m.•7 views

MAL-2026-5804 Malicious code in flow-lending-sdk (npm)

Continuation of the flow/surf-lending DeFi cred-exfil campaign c1655. Sentinel-9.9.9 depconf squat; preinstall node index.js || true exfils env secrets mnemonic/private-key/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2. Companions bodega-sdk/flowdefi verified identical...

5.6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/06/15 5:23 p.m.•12 views

Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score

Exploits0References3

Malwarebytes•added 2026/06/12 9:27 a.m.•13 views

Fake verification pages are stealing Steam accounts from players

Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...

OSSF Malicious Packages•added 2026/06/11 4:44 a.m.•9 views

Exploits0

Malicious code in solana-rpc-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e128b9efb48222aac63385175a13c182fc4f832f83576eb80f7777f255048c On npm install, the package's postinstall hook runs install.js which performs four independent attacker-benefit actions. 1 Credential theft: it reads...

OSV•added 2026/06/11 4:44 a.m.•10 views

MAL-2026-5573 Malicious code in solana-rpc-pool (npm)

OSSF Malicious Packages•added 2026/06/10 6:41 p.m.•12 views

Malicious code in websocket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...

OSSF Malicious Packages•added 2026/06/10 6:34 p.m.•11 views

Malicious code in v018-axios-cdntest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d30d2c9939173663f8ba1312b2591d2f86c67657bd5eeff59b19187f50b901 Package impersonates axios v0.18.0 index.js carries the genuine axios v0.18.0 | c 2018 by Matt Zabriskie header and sets window.axios=,...

5.4AI score

Exploits0References4

OSSF Malicious Packages•added 2026/06/10 6:9 p.m.•10 views

Malicious code in events-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...

OSV•added 2026/06/10 6:9 p.m.•8 views

Exploits0References6

MAL-2026-5528 Malicious code in events-runtime (npm)

OSSF Malicious Packages•added 2026/06/10 11:40 a.m.•9 views

Exploits0References6

Malicious code in coinbase-wallet-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Snyk•added 2026/06/10 11:40 a.m.•10 views

Malicious Package

Overview coinbase-wallet-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

OSV•added 2026/06/10 11:40 a.m.•10 views

MAL-2026-5499 Malicious code in coinbase-wallet-utils (npm)

OSSF Malicious Packages•added 2026/06/09 5:44 p.m.•12 views

Malicious code in exodus-wallet-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1AI score

OSV•added 2026/06/09 5:44 p.m.•5 views

MAL-2026-5443 Malicious code in exodus-wallet-core (npm)

6.1AI score

OSSF Malicious Packages•added 2026/06/09 5:44 p.m.•13 views

Malicious code in exodus-ethereum-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...

OSV•added 2026/06/09 5:44 p.m.•6 views

MAL-2026-5440 Malicious code in exodus-ethereum-sdk (npm)

OSV•added 2026/06/09 7:55 a.m.•8 views

MAL-2026-5357 Malicious code in farming-tools-12 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...

OSV•added 2026/06/09 7:55 a.m.•8 views

MAL-2026-5354 Malicious code in defi-tools-39 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...

5.6AI score