Lucene search
+L

512 matches found

osv
osv
added 2 days ago4 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
metasploit
metasploit
added 6 days ago16 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago13 views

XOR Encoder

Dword XOR encoder for RISC-V 32-bit Little Endian. Encodes the payload with a 4-byte XOR key. Module Options msf use encoder/riscv32le/longxor msf encoderlongxor show actions ...actions... msf encoderlongxor set ACTION msf encoderlongxor show options ...show and set options... msf encoderlongxor...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago13 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 32-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago14 views

Byte XORi Encoder

Byte XOR encoder for RISC-V 32-bit Little Endian. Encodes the payload byte-by-byte with a 1-byte XOR key using the xori instruction. Useful when R-type XOR instruction bytes 0x33 are bad characters. Module Options msf use encoder/riscv32le/bytexori msf encoderbytexori show actions ...actions... m...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago14 views

Byte XORi Encoder

Byte XOR encoder for RISC-V 64-bit Little Endian. Encodes the payload byte-by-byte with a 1-byte XOR key using the xori instruction. Useful when R-type XOR instruction bytes 0x33 are bad characters. Module Options msf use encoder/riscv64le/bytexori msf encoderbytexori show actions ...actions... m...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago54 views

XOR Encoder

Dword XOR encoder for RISC-V 64-bit Little Endian. Encodes the payload with a 4-byte XOR key. Module Options msf use encoder/riscv64le/longxor msf encoderlongxor show actions ...actions... msf encoderlongxor set ACTION msf encoderlongxor show options ...show and set options... msf encoderlongxor...

6.1AI score
Exploits0
cve
cve
added 6 days ago15 views

CVE-2026-53450

The CVE-2026-53450 entry affects Coturn (TURN/STUN server). A defect in prior releases (

7.4CVSS6.1AI score0.00287EPSS
Exploits0References2
osv
osv
added 6 days ago2 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score0.00287EPSS
Exploits0References4
snyk
snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
ossf
ossf
added 2026/07/02 12:0 a.m.5 views

Malicious code in @marketfront/blenderdevtool (npm)

The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
osv
osv
added 2026/07/02 12:0 a.m.6 views

MAL-2026-6772 Malicious code in @marketfront/customdealsfeed (npm)

The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
osv
osv
added 2026/07/02 12:0 a.m.7 views

MAL-2026-6786 Malicious code in @marketfront/mychatspreloader (npm)

The @marketfront/mychatspreloader package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and us...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/07/02 12:0 a.m.11 views

Malicious code in @marketfront/dynamicpageparams (npm)

The @marketfront/dynamicpageparams package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and u...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/02 12:0 a.m.7 views

MAL-2026-6765 Malicious code in @marketfront/bannerpopup (npm)

The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/02 12:0 a.m.4 views

MAL-2026-6785 Malicious code in @marketfront/madvpopup (npm)

The @marketfront/madvpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/23 9:53 p.m.9 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
osv
osv
added 2026/06/23 3:25 p.m.9 views

MAL-2026-6299 Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

6AI score
Exploits0References22
ossf
ossf
added 2026/06/17 4:26 a.m.10 views

Malicious code in gpu-accelerator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab0d6b253674f5eef505fbffb76003d2071569fd9d8abdf8993197738bb27759 The package advertises itself as a PostCSS plugin for CSS hardware-acceleration hints, but its only legitimate behavior is a 3-line walkDecls that ad...

6.2AI score
Exploits0References7
Rows per page
Query Builder