Lucene search
K

125 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:22 a.m.9 views

Malicious code in hexo-deployer-wrangler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/06/26 12:22 a.m.3 views

MAL-2026-6491 Malicious code in hexo-deployer-wrangler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.27 views

Malicious code in create-wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3bd71e3d5a93887188f34c9434d24b09d1108a2471ab437d6e78ae216162b05 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/06/02 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.22 views

Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/07 12:0 a.m.9 views

MAL-2026-3644 Malicious code in camelotlabs-worker (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.3 views

CVE-2026-25447

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

9.1CVSS5.8AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15728

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

9.1CVSS5.8AI score0.00314EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.12 views

CVE-2026-25447

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

9.1CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-25447

CVE-2026-25447 describes an Unauthenticated remote code execution vector in the WordPress plugin Widget Wrangler (

9.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

9.1CVSS0.00314EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

9.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.17 views

PT-2026-27948

Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...

9.1CVSS5.9AI score0.00314EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin Widget Wrangler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.1CVSS5.9AI score0.00314EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/18 8:16 a.m.9 views

WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by NumeX in WordPress Plugin Widget Wrangler versions = 2.3.9...

9.1CVSS5.9AI score0.00314EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/22 12:20 a.m.12 views

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/21 11:0 p.m.7 views

@abuiles/vite-plugin (>=1.8.0 <=1.10.0), @anyauth/design-system (>=0.5.0 <=0.5.1) +18 more potentially affected by CVE-2026-0933 via wrangler (>=4.0.0 <=4.59.0)

wrangler NPM version =4.0.0, =1.8.0, =0.5.0, =12.6.6, =0.1.11, =0.8.0, =0.2.0, =0.0.0, =0.0.0-snapshot-0ac76b86f5045e62447317d6844f3c9c364df5e8, =1.0.6, =0.16.0, =0.37.0, =0.37.0, =0.1.0, =0.2.9 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

9.9CVSS5.7AI score0.01393EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/21 11:0 p.m.8 views

@astrojs/cloudflare (=0.4.0), @cfpreview/pages-e2e-test-runner-cli (>=0.0.1 <=0.0.8) +20 more potentially affected by CVE-2026-0933 via wrangler (>=2.0.23 <=3.114.1)

wrangler NPM version =2.0.23, =0.0.1, =1.0.387, =0.5.41, =2.1.0, =0.0.0-next-20230221055802, =1.0.0, =0.0.3, =0.0.47, =1.0.0, =1.0.0, =0.1.1, =0.1.106 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

9.9CVSS5.8AI score0.01393EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/21 11:0 p.m.12 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder