VDB

GCVE-110-OSM-2026-1815

GCVE-110-OSM-2026-1815
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 11, 2026
Malicious code embedded in repository, this code is capable of communicating with attacker controlled C2 and delivering malware on user's device. The payload embedded in the code uses base64 encoded JavaScript when decoded uses APTOS and Tron blockchain addresses as C2. These addresses match with PolinRider campaign reported by OSM.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›