{"vulnerability": "CVE-2018-1000", "sightings": [{"uuid": "f6acac14-0323-45ad-9c73-d24fc0b55854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f", "content": "", "creation_timestamp": "2019-05-13T08:12:02.000000Z"}, {"uuid": "405269f3-8655-49ac-a603-087d492e3eb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5d8090e3-60f4-466c-95fb-25640a3b4631", "content": "", "creation_timestamp": "2019-09-17T07:57:53.000000Z"}, {"uuid": "62b3af15-44ae-48df-a4b9-65f13dd7cbc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5dad8c03-98b4-405a-a52d-30090a3b4631", "content": "", "creation_timestamp": "2019-10-21T10:44:41.000000Z"}, {"uuid": "9350a064-aa3a-4cbe-a9a8-ccde2b1e47b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/d242633d-9d52-4527-ac05-95ce6550cfae", "content": "", "creation_timestamp": "2020-10-09T14:44:05.000000Z"}, {"uuid": "f635d0c4-3695-4afa-828b-f31630377db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/b60ecd6e-648d-4bc4-a6ad-3527a2216be1", "content": "", "creation_timestamp": "2020-10-09T13:26:55.000000Z"}, {"uuid": "9acc743d-98b1-4955-bb6c-9a8dd25c42f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/b909d469-014d-4c2b-a989-4618f5a3a92b", "content": "", "creation_timestamp": "2020-10-16T03:00:22.000000Z"}, {"uuid": "9aa19fd9-5c1c-4728-b6f1-62317ca114ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/e6fe42d5-2d65-4430-a1f1-dc057b94d89e", "content": "", "creation_timestamp": "2020-10-09T13:23:54.000000Z"}, {"uuid": "23d94d1e-040a-4bf9-a7b4-b34ef761cac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3897e904-72b7-4620-b536-ae0a0a8546b1", "content": "", "creation_timestamp": "2020-10-09T14:34:07.000000Z"}, {"uuid": "810579b7-4392-43fa-af57-e11ef7666760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/e1d58ad8-7800-491b-a63b-a03d081914d4", "content": "", "creation_timestamp": "2020-06-25T12:24:13.000000Z"}, {"uuid": "4cb1b3d8-c933-4afa-85bb-1bf77bc843fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "62a81567-ffa4-4d80-bc6f-8fd13cd410c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000049", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44638", "content": "", "creation_timestamp": "2018-05-17T00:00:00.000000Z"}, {"uuid": "35f733e9-b81a-44fd-9755-e9487f05dd81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000094", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44976", "content": "", "creation_timestamp": "2018-07-04T00:00:00.000000Z"}, {"uuid": "c4e01ec3-862b-4e08-9027-922befe6f76a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000001", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44889", "content": "", "creation_timestamp": "2018-06-13T00:00:00.000000Z"}, {"uuid": "15dfb481-b306-424c-85a2-bb1e1f0a5ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000049", "type": "exploited", "source": "https://www.exploit-db.com/exploits/45044", "content": "", "creation_timestamp": "2018-07-17T00:00:00.000000Z"}, {"uuid": "201b81e7-ad38-41fa-8918-a26f4d681b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000006", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44357", "content": "", "creation_timestamp": "2018-03-29T00:00:00.000000Z"}, {"uuid": "e4148b95-20c8-4423-beef-1fc4e37465f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000001", "type": "exploited", "source": "https://www.exploit-db.com/exploits/43775", "content": "", "creation_timestamp": "2018-01-16T00:00:00.000000Z"}, {"uuid": "ebeedfaa-47aa-4c6b-a924-f46c38d5ceb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971249", "content": "", "creation_timestamp": "2024-12-24T20:26:29.774301Z"}, {"uuid": "06ecd8a7-6219-48f1-8690-11065f45e477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-30)", "content": "", "creation_timestamp": "2025-01-30T00:00:00.000000Z"}, {"uuid": "555f0c19-2a78-478a-8f00-ea54285faade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100009", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "70012ef8-ee8d-4d3d-9d6b-d4607e9d88e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "739a0a3c-0d6f-446c-b191-f00fd6457f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100011", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "6395d6f7-2667-4329-b766-70c12c8849d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100004", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "4040afe8-4c78-4d56-806b-fd5bfaa5dc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100040", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "d261ec9a-d74d-4b77-96d1-b1c52adf0d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100053", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "908aa9c8-ea82-4ce8-91b8-9bd58f1913b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100086", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "542ba332-7c77-4d6c-ab86-b2089bc6e143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-29)", "content": "", "creation_timestamp": "2024-12-29T00:00:00.000000Z"}, {"uuid": "09a66858-5ea4-498c-9905-0b56d0550206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-25)", "content": "", "creation_timestamp": "2024-12-25T00:00:00.000000Z"}, {"uuid": "f7d4a75a-ad89-4b55-b000-421a5d404c22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-28)", "content": "", "creation_timestamp": "2024-12-28T00:00:00.000000Z"}, {"uuid": "9e5cf7e1-2e33-48a8-8f53-ddd0332ec82d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-26)", "content": "", "creation_timestamp": "2024-12-26T00:00:00.000000Z"}, {"uuid": "174750c7-af62-4d56-a94c-1792a49a147d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-27)", "content": "", "creation_timestamp": "2024-12-27T00:00:00.000000Z"}, {"uuid": "b9c42b8e-3d00-473b-8fb7-9656a2f8b340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-10)", "content": "", "creation_timestamp": "2025-01-10T00:00:00.000000Z"}, {"uuid": "163e9158-2097-40af-8e30-ac10c0150b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-30)", "content": "", "creation_timestamp": "2024-12-30T00:00:00.000000Z"}, {"uuid": "4c626c8b-7149-49a0-94a2-af2d315f0cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-04)", "content": "", "creation_timestamp": "2025-01-04T00:00:00.000000Z"}, {"uuid": "923d090a-5597-4057-befa-acdd66e2b670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-11)", "content": "", "creation_timestamp": "2025-01-11T00:00:00.000000Z"}, {"uuid": "e0566877-1319-431d-a0d2-671ad4ac425f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "b694b359-55df-45e1-b245-aff1ff241bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-31)", "content": "", "creation_timestamp": "2024-12-31T00:00:00.000000Z"}, {"uuid": "8540154e-daa2-4d0e-b2fb-b49219878872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-03)", "content": "", "creation_timestamp": "2025-01-03T00:00:00.000000Z"}, {"uuid": "aadb89af-1207-4f23-bf30-7c68bfd7193a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-01)", "content": "", "creation_timestamp": "2025-01-01T00:00:00.000000Z"}, {"uuid": "5cfb51c9-a2f2-414e-89d8-e05e7b09a772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-06)", "content": "", "creation_timestamp": "2025-01-06T00:00:00.000000Z"}, {"uuid": "06fc3003-cb14-461c-9219-3f94ff0d4fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-09)", "content": "", "creation_timestamp": "2025-01-09T00:00:00.000000Z"}, {"uuid": "aea80d34-b97a-456a-bc65-a49ba6e98d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100085", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "5864b0ac-1eb4-41a9-ac8f-d7ade207629d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-19)", "content": "", "creation_timestamp": "2025-01-19T00:00:00.000000Z"}, {"uuid": "7418beaa-bb70-4fcd-b5ed-58d01084c5df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-21)", "content": "", "creation_timestamp": "2025-01-21T00:00:00.000000Z"}, {"uuid": "8b887d41-6b04-4f04-a2a3-5169fc67ca73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100086", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "3453409c-c988-48aa-adef-855ab91cafd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-03)", "content": "", "creation_timestamp": "2025-02-03T00:00:00.000000Z"}, {"uuid": "bd3b25a7-4f07-4681-8014-9a8a5b982a15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100085", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "00e3a611-3d25-47d4-ab4a-5fabdac31e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100004", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "c7a4e6f1-18d5-49fb-ab21-409bc583fe8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100040", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "6fa1de3f-50e7-4034-adb1-22ff966e368c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-25)", "content": "", "creation_timestamp": "2025-03-25T00:00:00.000000Z"}, {"uuid": "78ea087f-8ab7-4911-bb3d-876de9d285b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "734945c2-649b-4c5e-9639-a8a97e34e430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100053", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "1a68c270-96f3-4286-a662-ebfd971643fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100009", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "4e316105-f888-4c34-b143-3743805fa15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-100011", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "4a3003e7-2d91-4375-ab18-b424798b8d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-12)", "content": "", "creation_timestamp": "2025-02-12T00:00:00.000000Z"}, {"uuid": "dba5decb-424e-4468-9191-f1c9b0ab245b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-26)", "content": "", "creation_timestamp": "2025-02-26T00:00:00.000000Z"}, {"uuid": "73decb5b-0d61-47b2-ab58-e29f48fe4125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-14)", "content": "", "creation_timestamp": "2025-02-14T00:00:00.000000Z"}, {"uuid": "3072780f-264a-4c90-bfda-ab5dfa2f72ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-09)", "content": "", "creation_timestamp": "2025-03-09T00:00:00.000000Z"}, {"uuid": "614f744d-dbb6-4765-a255-2958915a1b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-07)", "content": "", "creation_timestamp": "2025-03-07T00:00:00.000000Z"}, {"uuid": "182cee20-6e1b-41c9-9a39-0b95495a6493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-20)", "content": "", "creation_timestamp": "2025-03-20T00:00:00.000000Z"}, {"uuid": "9f768a8a-935f-4b48-a3da-95aad2cf3a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-19)", "content": "", "creation_timestamp": "2025-02-19T00:00:00.000000Z"}, {"uuid": "c68a0e11-1103-40fd-ba73-91fe27444e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-19)", "content": "", "creation_timestamp": "2025-03-19T00:00:00.000000Z"}, {"uuid": "9442cd56-1e6f-4b94-a6d1-089c3bf7d052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:18.000000Z"}, {"uuid": "b5f00147-158f-4aa3-89e5-6b3a2797df2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-28)", "content": "", "creation_timestamp": "2025-02-28T00:00:00.000000Z"}, {"uuid": "c076ef56-439e-462c-995b-10487ad65aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-21)", "content": "", "creation_timestamp": "2025-02-21T00:00:00.000000Z"}, {"uuid": "f8412230-c311-4e39-b6ad-483aff3d2c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-02)", "content": "", "creation_timestamp": "2025-04-02T00:00:00.000000Z"}, {"uuid": "adae3902-c48d-4f41-a38d-087b1ee9df54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-06)", "content": "", "creation_timestamp": "2025-03-06T00:00:00.000000Z"}, {"uuid": "063a7e59-c4cc-4589-a1d2-6ad8fc76e769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-06)", "content": "", "creation_timestamp": "2025-03-06T00:00:00.000000Z"}, {"uuid": "0d045023-2e61-473e-bf38-39e04758fb95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-08)", "content": "", "creation_timestamp": "2025-03-08T00:00:00.000000Z"}, {"uuid": "08f3e1ce-c98d-47d7-a0c1-b072c50402e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-31)", "content": "", "creation_timestamp": "2025-03-31T00:00:00.000000Z"}, {"uuid": "5f5e256b-722d-40be-bf4e-e112b3d31c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-01)", "content": "", "creation_timestamp": "2025-04-01T00:00:00.000000Z"}, {"uuid": "639bd1fb-01e9-4d85-8385-82cf18d4e06d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-28)", "content": "", "creation_timestamp": "2025-03-28T00:00:00.000000Z"}, {"uuid": "8bcf78c3-8602-4a8e-b951-836c23ec1ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-28)", "content": "", "creation_timestamp": "2025-03-28T00:00:00.000000Z"}, {"uuid": "cdac3290-e1cc-4b67-9f4e-2923a7b84325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-02)", "content": "", "creation_timestamp": "2025-04-02T00:00:00.000000Z"}, {"uuid": "f5604b20-b9e2-4de3-9a51-add3edc5d4ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-17)", "content": "", "creation_timestamp": "2025-06-17T00:00:00.000000Z"}, {"uuid": "539ff283-22e5-4603-8906-09b2b8c07b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-06)", "content": "", "creation_timestamp": "2025-04-06T00:00:00.000000Z"}, {"uuid": "c841dd07-f958-4457-a9b7-304b0a1901a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-04)", "content": "", "creation_timestamp": "2025-04-04T00:00:00.000000Z"}, {"uuid": "a5ccb56d-4480-4cba-adf5-1bdd74b5b522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-05)", "content": "", "creation_timestamp": "2025-04-05T00:00:00.000000Z"}, {"uuid": "487e1f25-cf1d-4a2b-9e6e-d4f08c520f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-09)", "content": "", "creation_timestamp": "2025-04-09T00:00:00.000000Z"}, {"uuid": "cb41f648-fdc9-4124-88fd-2145be58948f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-05)", "content": "", "creation_timestamp": "2025-07-05T00:00:00.000000Z"}, {"uuid": "cc930304-a32e-47c6-9723-dc12b2bdf703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-10)", "content": "", "creation_timestamp": "2025-04-10T00:00:00.000000Z"}, {"uuid": "44c93b03-58f9-44cc-9de5-e78ed5047c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-15)", "content": "", "creation_timestamp": "2025-07-15T00:00:00.000000Z"}, {"uuid": "75ae3a53-efe9-4092-acb4-c137e5c2f0f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-14)", "content": "", "creation_timestamp": "2025-04-14T00:00:00.000000Z"}, {"uuid": "730478eb-4cbe-491f-b253-3c6f71b12c0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000638", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmngl2knos2a", "content": "", "creation_timestamp": "2025-04-12T21:02:13.801695Z"}, {"uuid": "2f95fbfd-437a-4c52-997a-9c79753391e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-19)", "content": "", "creation_timestamp": "2025-04-19T00:00:00.000000Z"}, {"uuid": "e618b5db-905d-4613-8adc-f2fa6a2a6313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-05)", "content": "", "creation_timestamp": "2025-07-05T00:00:00.000000Z"}, {"uuid": "f4ad5d13-a4e1-483b-9ac2-00ca1776727e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-07)", "content": "", "creation_timestamp": "2025-07-07T00:00:00.000000Z"}, {"uuid": "0fbf9848-9746-4d14-80ce-85f8ac2561d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-28)", "content": "", "creation_timestamp": "2025-06-28T00:00:00.000000Z"}, {"uuid": "938a7620-b8c3-4613-af6c-7979fb56e0e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-10)", "content": "", "creation_timestamp": "2025-07-10T00:00:00.000000Z"}, {"uuid": "b5b79857-32a5-40f2-8716-21daa1868a4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-02)", "content": "", "creation_timestamp": "2025-06-02T00:00:00.000000Z"}, {"uuid": "2dde8010-accb-4b42-a0dc-7932c2c7d8e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-14)", "content": "", "creation_timestamp": "2025-06-14T00:00:00.000000Z"}, {"uuid": "0f8c1b7a-b928-4900-afc4-eb05c1fe8f29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-19)", "content": "", "creation_timestamp": "2025-05-19T00:00:00.000000Z"}, {"uuid": "3ef496b9-34c3-40b7-965e-41d6985bb53d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "eadadc04-f594-40dc-bc75-3051d8a1a8d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-29)", "content": "", "creation_timestamp": "2025-04-29T00:00:00.000000Z"}, {"uuid": "45535232-4b36-4bfc-81bc-e833568b6b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-20)", "content": "", "creation_timestamp": "2025-06-20T00:00:00.000000Z"}, {"uuid": "0df1fa2c-eaa0-4f4f-982d-f809deabda54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-31)", "content": "", "creation_timestamp": "2025-05-31T00:00:00.000000Z"}, {"uuid": "de03e934-6508-4661-9755-7d5b46632ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "552ca599-8c46-4f43-a7bf-c40bc223de0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "ba807448-90ed-44cb-beb7-c4d87f6969df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-11)", "content": "", "creation_timestamp": "2025-07-11T00:00:00.000000Z"}, {"uuid": "2ad218d5-10a0-46a7-9ef4-c2d47490e87c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-16)", "content": "", "creation_timestamp": "2025-07-16T00:00:00.000000Z"}, {"uuid": "8d5ec06b-c517-47e7-9d94-bf17eca44fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-23)", "content": "", "creation_timestamp": "2025-07-23T00:00:00.000000Z"}, {"uuid": "03147a4b-29b5-488b-9937-c08f7a414e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "cf560181-a746-4706-b92a-09a8ba6aa89c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://gist.github.com/Devball406/7c3257f2034c725588426e563837ad80", "content": "", "creation_timestamp": "2025-05-12T15:51:09.000000Z"}, {"uuid": "9cad7424-f17a-409a-a2eb-5ecb31b95bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-12)", "content": "", "creation_timestamp": "2025-05-12T00:00:00.000000Z"}, {"uuid": "08034b5f-c12e-4ccc-9e8b-11578d778160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-21)", "content": "", "creation_timestamp": "2025-11-21T00:00:00.000000Z"}, {"uuid": "2f32acbd-0390-4bbc-994e-5a78ba40a152", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-17)", "content": "", "creation_timestamp": "2025-07-17T00:00:00.000000Z"}, {"uuid": "233afea4-f5f7-43c8-9295-7df57d60562f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-12)", "content": "", "creation_timestamp": "2025-09-12T00:00:00.000000Z"}, {"uuid": "95796bf5-1c7c-4d9b-9d3e-6c96b53f7d98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "de00d533-95dd-4962-a446-02758f7dabba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-15)", "content": "", "creation_timestamp": "2025-10-15T00:00:00.000000Z"}, {"uuid": "4afdc0c0-3755-4a62-8327-73f9136afb0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-28)", "content": "", "creation_timestamp": "2025-07-28T00:00:00.000000Z"}, {"uuid": "644417b0-8532-47b0-ab88-355ba8ca8e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": "b7dc08c0-cc3c-4e5d-beed-6598ca84de25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "39c033c6-e091-4561-a1af-1f11fe3ef94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-27)", "content": "", "creation_timestamp": "2025-09-27T00:00:00.000000Z"}, {"uuid": "c9c94d8e-7d5f-44f8-a77a-f350b829c7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-26)", "content": "", "creation_timestamp": "2025-07-26T00:00:00.000000Z"}, {"uuid": "e44b912e-9d7b-41fa-b00d-b1fcd8e8c878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "31849283-3081-498f-a3a3-2b38796248c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "e946122c-1845-44cb-a036-29e837adc333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-09)", "content": "", "creation_timestamp": "2025-09-09T00:00:00.000000Z"}, {"uuid": "c27d0555-1251-42b6-9ab4-acd66526d452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-03)", "content": "", "creation_timestamp": "2025-11-03T00:00:00.000000Z"}, {"uuid": "03985f0e-2f2c-499f-89ca-360e1e66f0f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-03)", "content": "", "creation_timestamp": "2025-08-03T00:00:00.000000Z"}, {"uuid": "5983cd45-16ee-4f8c-9510-a2a52ae9325a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-05)", "content": "", "creation_timestamp": "2025-08-05T00:00:00.000000Z"}, {"uuid": "093ce496-6dba-4803-8923-ed7a1f28c5cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000036", "type": "seen", "source": "https://gist.github.com/Darkcrai86/5f8fdc3f74ca6b1ca4bc23bf7fb17c2e", "content": "", "creation_timestamp": "2025-10-16T10:17:08.000000Z"}, {"uuid": "c4a37f2a-1dab-4a54-8b36-96d19ac5e869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-13)", "content": "", "creation_timestamp": "2025-09-13T00:00:00.000000Z"}, {"uuid": "098ed591-5002-4ee5-abbc-a51dfee7efc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-23)", "content": "", "creation_timestamp": "2025-10-23T00:00:00.000000Z"}, {"uuid": "6a2d02dd-16fa-4190-8c52-19badc98c0c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-08)", "content": "", "creation_timestamp": "2025-10-08T00:00:00.000000Z"}, {"uuid": "5bfcb6c2-6781-402a-ac41-7698c1aea238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-10)", "content": "", "creation_timestamp": "2025-08-10T00:00:00.000000Z"}, {"uuid": "0ee94c13-6b5b-46b5-924b-e93c1dfe0846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-07)", "content": "", "creation_timestamp": "2025-09-07T00:00:00.000000Z"}, {"uuid": "0641e036-f0a9-443f-a66d-b6141c15b317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000129", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwmrsakv3t2w", "content": "", "creation_timestamp": "2025-08-17T21:02:24.677614Z"}, {"uuid": "cc1140fa-70ca-487b-a8f1-058eac9d37e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-11)", "content": "", "creation_timestamp": "2025-08-11T00:00:00.000000Z"}, {"uuid": "d649c329-a64f-49ff-822d-3fa5bfd1f762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-16)", "content": "", "creation_timestamp": "2025-11-16T00:00:00.000000Z"}, {"uuid": "5cb24458-16fa-4bdf-8ca7-ac1b20772160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-10)", "content": "", "creation_timestamp": "2025-11-10T00:00:00.000000Z"}, {"uuid": "05f8f0a9-8977-4398-9a4b-1f70ec951102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-17)", "content": "", "creation_timestamp": "2025-09-17T00:00:00.000000Z"}, {"uuid": "18450eeb-0150-481e-8176-b342fed442cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-15)", "content": "", "creation_timestamp": "2025-08-15T00:00:00.000000Z"}, {"uuid": "f262540d-01ca-40c7-bb74-eb6e792dc3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-25)", "content": "", "creation_timestamp": "2025-11-25T00:00:00.000000Z"}, {"uuid": "09f63be2-c7e4-47b1-9cc9-5031da2a3c5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-05)", "content": "", "creation_timestamp": "2025-11-05T00:00:00.000000Z"}, {"uuid": "a63543fb-ce50-4c2e-b5b7-b99f13894031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-19)", "content": "", "creation_timestamp": "2025-08-19T00:00:00.000000Z"}, {"uuid": "0f7c1655-a2d5-4fa4-ae67-d1ea394bc58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:16.000000Z"}, {"uuid": "67472690-d430-4531-87a9-04c2a289f3ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-29)", "content": "", "creation_timestamp": "2025-09-29T00:00:00.000000Z"}, {"uuid": "e411ade6-57fa-4a1f-b2f5-d7d51839a5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-27)", "content": "", "creation_timestamp": "2025-11-27T00:00:00.000000Z"}, {"uuid": "272b716a-dcf7-4310-b3d8-fd575f2d2c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000850", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwze4upjz32c", "content": "", "creation_timestamp": "2025-08-22T21:02:25.180895Z"}, {"uuid": "732862bd-ec53-4d92-9c14-8f75935f062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-26)", "content": "", "creation_timestamp": "2025-11-26T00:00:00.000000Z"}, {"uuid": "b1e9eb1c-0da9-4faa-96c6-b43be31ba29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-15)", "content": "", "creation_timestamp": "2025-09-15T00:00:00.000000Z"}, {"uuid": "cd406c78-326b-47a6-be9b-84d9f7c512ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-29)", "content": "", "creation_timestamp": "2025-08-29T00:00:00.000000Z"}, {"uuid": "445cdb7f-5286-4f5f-bb5b-84210dd34808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-10)", "content": "", "creation_timestamp": "2025-10-10T00:00:00.000000Z"}, {"uuid": "6b952b16-a9c5-4a65-9d18-561672e48b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-08)", "content": "", "creation_timestamp": "2025-09-08T00:00:00.000000Z"}, {"uuid": "ea090cdf-7bab-4805-91c1-6d1ee51faf77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000115", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/memcached/memcached_amp.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "12ff8c73-e43e-4f6e-b5d4-719ef9d5c1f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000859", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/php_imap_open_rce.rb", "content": "", "creation_timestamp": "2018-11-27T22:53:35.000000Z"}, {"uuid": "95d1cc5a-842e-4e24-b44e-79b5b40b66eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb", "content": "", "creation_timestamp": "2019-03-18T12:37:31.000000Z"}, {"uuid": "3f092696-5780-4f24-9e3c-7350c1deb555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-11)", "content": "", "creation_timestamp": "2025-09-11T00:00:00.000000Z"}, {"uuid": "792fb6b6-2a91-4468-abdd-bdb8b9a80cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-26)", "content": "", "creation_timestamp": "2025-08-26T00:00:00.000000Z"}, {"uuid": "28395604-8833-4b36-b31e-842cf05fcdc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-30)", "content": "", "creation_timestamp": "2025-08-30T00:00:00.000000Z"}, {"uuid": "2c429b61-eba5-43fb-9369-f2cc1f9df40e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-26)", "content": "", "creation_timestamp": "2025-09-26T00:00:00.000000Z"}, {"uuid": "847a294a-4c85-4fa8-b6f2-46565635ff4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-21)", "content": "", "creation_timestamp": "2025-11-21T00:00:00.000000Z"}, {"uuid": "044788cd-e6be-4f70-bf84-86fa9d74bdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-02)", "content": "", "creation_timestamp": "2025-09-02T00:00:00.000000Z"}, {"uuid": "2e4aa9c6-a8fd-48cc-841c-c0911ba6afc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-15)", "content": "", "creation_timestamp": "2025-11-15T00:00:00.000000Z"}, {"uuid": "b1fd94ce-a0ca-4bf5-a83d-168d74689cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000001", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/glibc_realpath_priv_esc.rb", "content": "", "creation_timestamp": "2018-06-12T21:50:04.000000Z"}, {"uuid": "2eeadb40-5be6-49c3-9184-6a0eecd72703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000094", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cmsms_upload_rename_rce.rb", "content": "", "creation_timestamp": "2018-07-19T17:25:57.000000Z"}, {"uuid": "afd54e24-064e-4a80-be88-fa85c6b97f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000533", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gitlist_arg_injection.rb", "content": "", "creation_timestamp": "2018-07-06T19:46:25.000000Z"}, {"uuid": "179a0bdc-12f3-49ba-b8c8-b9a31ac50346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000656", "type": "seen", "source": "https://gist.github.com/Ottapiens/e20fd8a5b3d73cb0ffa38013f25292e1", "content": "", "creation_timestamp": "2025-11-22T10:05:19.000000Z"}, {"uuid": "edc2f577-4b93-48ca-bf47-a43eec0e5527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000049", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb", "content": "", "creation_timestamp": "2018-07-16T23:15:15.000000Z"}, {"uuid": "8cc3849e-16bf-436e-b6f1-ceb8c45d36aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000656", "type": "seen", "source": "https://gist.github.com/Ottapiens/eec03543750502c92edc81d7c568d88c", "content": "", "creation_timestamp": "2025-11-22T10:06:48.000000Z"}, {"uuid": "374de765-b698-4c96-aca2-25adc0be5c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-02-10)", "content": "", "creation_timestamp": "2026-02-10T00:00:00.000000Z"}, {"uuid": "f6ed7c72-f4fa-404c-a28c-bcb2fa66cf92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000006", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/exodus.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "bf197f14-4e40-4b1f-be6e-786222451f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-04)", "content": "", "creation_timestamp": "2025-09-04T00:00:00.000000Z"}, {"uuid": "748f672a-0464-4107-a860-04bc4d316eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-10)", "content": "", "creation_timestamp": "2025-12-10T00:00:00.000000Z"}, {"uuid": "1ff887e2-f7d3-4ea4-b2f9-9a698250dce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-13)", "content": "", "creation_timestamp": "2026-02-13T00:00:00.000000Z"}, {"uuid": "d334d31a-1492-4bcf-b4d2-0d690e948b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-05)", "content": "", "creation_timestamp": "2025-12-05T00:00:00.000000Z"}, {"uuid": "bd35cf76-e45a-436d-b2c5-9a1911e68ec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-06)", "content": "", "creation_timestamp": "2025-12-06T00:00:00.000000Z"}, {"uuid": "a0ea9b7c-7a30-4c84-82a0-c409a7ace56b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-10)", "content": "", "creation_timestamp": "2025-12-10T00:00:00.000000Z"}, {"uuid": "3d51ec04-0aab-49dc-a391-461a0e631a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000873", "type": "seen", "source": "https://gist.github.com/might-might/40e680f1f9ce10e8b91c6629d1f0fec9", "content": "", "creation_timestamp": "2025-12-13T20:32:11.000000Z"}, {"uuid": "9a3afb51-ef89-4084-8e56-310f78b04a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-15)", "content": "", "creation_timestamp": "2025-12-15T00:00:00.000000Z"}, {"uuid": "121c2702-4811-4ed7-b7ed-41d96a3daa7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000873", "type": "seen", "source": "https://gist.github.com/might-might/7893a493252338fe360077f6f10e55e2", "content": "", "creation_timestamp": "2025-12-13T20:32:46.000000Z"}, {"uuid": "3e953b2d-b8f3-42f2-8496-eb9f44f9d64d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-20)", "content": "", "creation_timestamp": "2025-12-20T00:00:00.000000Z"}, {"uuid": "c38e7639-13f6-4581-970e-d92c5db4acab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-02-08)", "content": "", "creation_timestamp": "2026-02-08T00:00:00.000000Z"}, {"uuid": "2239a312-6a2a-4696-8aa2-6e4ee2ace528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-30)", "content": "", "creation_timestamp": "2025-12-30T00:00:00.000000Z"}, {"uuid": "ef8a0892-8ebe-4bb1-ace0-d92bc55ae511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-24)", "content": "", "creation_timestamp": "2026-02-24T00:00:00.000000Z"}, {"uuid": "ed6d9f8a-9d27-49a2-a046-d275888549b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-03)", "content": "", "creation_timestamp": "2026-01-03T00:00:00.000000Z"}, {"uuid": "24dc0770-3222-4efa-8c1a-c70a82042eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-03)", "content": "", "creation_timestamp": "2026-01-03T00:00:00.000000Z"}, {"uuid": "b47363c6-ef6b-44e2-a139-10945e66758c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-08)", "content": "", "creation_timestamp": "2026-01-08T00:00:00.000000Z"}, {"uuid": "8c702a87-7c37-4ef6-bd4e-70bbfbed51ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-04)", "content": "", "creation_timestamp": "2026-01-04T00:00:00.000000Z"}, {"uuid": "a6f51310-128a-4272-9190-94fc052331e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-29)", "content": "", "creation_timestamp": "2026-01-29T00:00:00.000000Z"}, {"uuid": "347524fc-b4a9-4150-a3ef-2a59a21c8c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-02-13)", "content": "", "creation_timestamp": "2026-02-13T00:00:00.000000Z"}, {"uuid": "59de48bc-04fb-40d0-ab35-6f840a59b62f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-04)", "content": "", "creation_timestamp": "2026-01-04T00:00:00.000000Z"}, {"uuid": "ddf3cc90-e49b-4e99-b5ce-87b5e5594fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-05)", "content": "", "creation_timestamp": "2026-01-05T00:00:00.000000Z"}, {"uuid": "4eb964b3-b0e6-4023-8ea0-8773e77d94b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-22)", "content": "", "creation_timestamp": "2026-03-22T00:00:00.000000Z"}, {"uuid": "180f4517-cd77-457c-9908-98b33394d353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-18)", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "b4030f5a-e8a1-4362-9781-e6e203412be3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-28)", "content": "", "creation_timestamp": "2026-03-28T00:00:00.000000Z"}, {"uuid": "78fc813f-35db-47ce-8fac-f021643c0978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-23)", "content": "", "creation_timestamp": "2026-03-23T00:00:00.000000Z"}, {"uuid": "b34ac9be-e34a-414e-9db5-7ad039bf23cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-08)", "content": "", "creation_timestamp": "2026-01-08T00:00:00.000000Z"}, {"uuid": "a2a68342-5fd7-4d35-8ea7-fc3fbbcabdf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-28)", "content": "", "creation_timestamp": "2026-03-28T00:00:00.000000Z"}, {"uuid": "ad2d57f8-3878-4acb-ba9b-a29789498230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-23)", "content": "", "creation_timestamp": "2026-03-23T00:00:00.000000Z"}, {"uuid": "c7586ebe-aa08-43fc-ae69-0f2ddd540fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "02a464e8-1c32-472f-9e0c-2555fd458b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-29)", "content": "", "creation_timestamp": "2026-03-29T00:00:00.000000Z"}, {"uuid": "47d7d593-606c-4d35-912d-2c51e0876258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000873", "type": "seen", "source": "https://gist.github.com/Butters7/e65bcd1f3d9095d96764c7a4c79b936a", "content": "", "creation_timestamp": "2026-01-14T22:24:35.000000Z"}, {"uuid": "e746ed98-e9f2-4541-b29a-dc6be90dd734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "0caef520-2077-4ac8-b816-e45a98f692ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-25)", "content": "", "creation_timestamp": "2026-03-25T00:00:00.000000Z"}, {"uuid": "18864c36-2a0c-4227-862d-ada45b8227e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2018-1000632", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "7de3dcb3-f003-4ddb-89bb-6d3783244eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-30)", "content": "", "creation_timestamp": "2026-03-30T00:00:00.000000Z"}, {"uuid": "942d741b-f80d-4af2-b741-90af0e6a6bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/812e1ff5-1449-4378-bbc3-65ad133150d5", "content": "", "creation_timestamp": "2026-02-02T12:28:24.075639Z"}, {"uuid": "1fb6f818-2715-4305-9e7f-7d9ccf9748d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-19)", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "a398ff74-2f55-4e93-b022-25bfbb3006ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "8d3b66b7-3266-4f0e-8a8f-e45bbdae4d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-04)", "content": "", "creation_timestamp": "2026-04-04T00:00:00.000000Z"}, {"uuid": "c7fefb12-e40e-40da-ba8d-0d5b9cc13dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-07)", "content": "", "creation_timestamp": "2026-04-07T00:00:00.000000Z"}, {"uuid": "5297eaf2-7f26-4b76-b9dc-a4d008db227f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-06)", "content": "", "creation_timestamp": "2026-04-06T00:00:00.000000Z"}, {"uuid": "8c6bdaef-9022-48eb-a133-0100f47cd341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-07)", "content": "", "creation_timestamp": "2026-04-07T00:00:00.000000Z"}, {"uuid": "c2e82e5d-506a-4f4c-a412-74bf0d4cfeb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-12)", "content": "", "creation_timestamp": "2026-04-12T00:00:00.000000Z"}, {"uuid": "f3fd5f6f-80ea-4709-9f59-2a42b707fd79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-08)", "content": "", "creation_timestamp": "2026-04-08T00:00:00.000000Z"}, {"uuid": "6003c0df-ac79-482e-984f-1b8311b3b010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "d78df4f0-80e8-4891-a705-dfd2fab3589f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-17)", "content": "", "creation_timestamp": "2026-04-17T00:00:00.000000Z"}, {"uuid": "438b8c58-59eb-42cb-a1ea-eac604dd3536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2140", "content": "awesome jenkins rce 2019\nThere is no pre-auth RCE in Jenkins since May 2017, but this is the one!\nIt chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution!\nhttps://github.com/orangetw/awesome-jenkins-rce-2019\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1\ufe0f", "creation_timestamp": "2022-07-31T07:01:12.000000Z"}, {"uuid": "3c09d01f-4d45-4b43-b91c-c49b7d904f20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "21e6665a-0c42-471b-a4d7-cef7d31ad9f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "09c7892d-af6a-4362-a62d-3e078e4fe884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000115", "type": "seen", "source": "https://t.me/eXCe_Fixxed/109130", "content": "# DD0S CVE List by Layer 3/4/7\n\n##  Layer 3 (Network) - ICMP, IP, NDP\n\n# 2020\n- CVE-2020-16898  > Windows TCP/IP \"Bad Neighbor\" - ICMPv6 ping of death (DoS via BSOD)\n\n##  Layer 4 (Transport) - TCP, UDP\n\n# 2013\n- CVE-2013-5211  > NTP Amplification Attack via 'monlist' (UDP-based)\n\n# 2016\n- CVE-2016-9244  > Cisco VPN IKEv1 flood (UDP port 500 DoS)\n\n# 2018\n- CVE-2018-1000115  > Memcached UDP Amplification (reflection attack)\n\n# 2018\n- CVE-2018-0171  > Cisco Smart Install DoS (TCP port 4786)\n\n##  Layer 7 (Application) - HTTP, NTP, Memcached, API\n\n# 2021\n- CVE-2021-22986  > F5 BIG-IP iControl REST unauth DoS/RCE (API abuse)\n\n# 2023\n- CVE-2023-44487  > HTTP/2 Rapid Reset Attack - stream reset flooding\n\n# 2024\n- CVE-2024-29269  > Telesquare LTE Router Cmd Injection (dapat digunakan untuk DoS chaining) {New Cve Bug}", "creation_timestamp": "2025-08-03T06:11:01.000000Z"}, {"uuid": "dd3f9a70-ef16-43ec-9174-0ff0f1d41d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000136", "type": "published-proof-of-concept", "source": "https://t.me/piratepartyru/188", "content": "https://xakep.ru/2018/05/14/electron-flaw/\n\u0418\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Electron \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c Skype, Slack, WhatsApp, Discord \u0438 \u0434\u0440\u0443\u0433\u0438\u0435.\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Trustwave \u0411\u0440\u0435\u043d\u0434\u0430\u043d \u0421\u043a\u0430\u0440\u0432\u0435\u043b\u043b (Brendan Scarvell) \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2018-1000136) \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Electron. \u0411\u0430\u0433 \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0418\u0437-\u0437\u0430 \u044d\u0442\u043e\u0433\u043e \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0445\u043e\u0434\u0438\u0442 Electron, \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439. \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445: Skype, GitHub Desktop, Slack, WhatsApp, Signal, Discord, Twitch, \u0431\u0440\u0430\u0443\u0437\u0435\u0440 Brave \u0438 WordPress.com, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043c\u043d\u043e\u0433\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0435. \n\n\u00ab\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Electron, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u043e\u0431\u043e\u0439 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0430 \u0437\u043d\u0430\u0447\u0438\u0442, \u043e\u043d\u0438 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b \u043a XSS (cross-site scripting) \u0430\u0442\u0430\u043a\u0430\u043c \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u0430\u043d\u043d\u044b\u0445. \u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e Electron-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043a \u0441\u0432\u043e\u0438\u043c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c API, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u043c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c \u043c\u043e\u0434\u0443\u043b\u044f\u043c Node.js. \u0418\u0437-\u0437\u0430 \u044d\u0442\u043e\u0433\u043e XSS-\u0430\u0442\u0430\u043a\u0430 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u043e\u0439, \u0432\u0435\u0434\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043e\u0432\u0441\u0435\u043c \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0435 \u0432\u0435\u0449\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0437\u0430\u043f\u0440\u043e\u0441\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c child_process \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u0435, \u2014 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0421\u043a\u0430\u0440\u0432\u0435\u043b\u043b \u0432 \u0431\u043b\u043e\u0433\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. \u2014 \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043e\u0442\u043e\u0437\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f Node.js, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0432 nodeIntegration \u043d\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false \u0432 webPreferences \u0441\u0432\u043e\u0435\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u00bb.", "creation_timestamp": "2018-05-14T18:56:03.000000Z"}, {"uuid": "5c0d8c67-0c61-4d49-9a15-151c24606223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://t.me/arpsyndicate/1759", "content": "#ExploitObserverAlert\n\nCVE-2018-1000861\n\nDESCRIPTION: Exploit Observer has 66 entries related to CVE-2018-1000861. A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.\n\nFIRST-EPSS: 0.971120000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T14:50:54.000000Z"}, {"uuid": "61d6ad1b-9403-4977-b34c-81fbae839cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000115", "type": "seen", "source": "https://t.me/eXCe_Fixxed/502", "content": "# DD0S CVE List by Layer 3/4/7\n\n##  Layer 3 (Network) - ICMP, IP, NDP\n\n# 2020\n- CVE-2020-16898  > Windows TCP/IP \"Bad Neighbor\" - ICMPv6 ping of death (DoS via BSOD)\n\n##  Layer 4 (Transport) - TCP, UDP\n\n# 2013\n- CVE-2013-5211  > NTP Amplification Attack via 'monlist' (UDP-based)\n\n# 2016\n- CVE-2016-9244  > Cisco VPN IKEv1 flood (UDP port 500 DoS)\n\n# 2018\n- CVE-2018-1000115  > Memcached UDP Amplification (reflection attack)\n\n# 2018\n- CVE-2018-0171  > Cisco Smart Install DoS (TCP port 4786)\n\n##  Layer 7 (Application) - HTTP, NTP, Memcached, API\n\n# 2021\n- CVE-2021-22986  > F5 BIG-IP iControl REST unauth DoS/RCE (API abuse)\n\n# 2023\n- CVE-2023-44487  > HTTP/2 Rapid Reset Attack - stream reset flooding\n\n# 2024\n- CVE-2024-29269  > Telesquare LTE Router Cmd Injection (dapat digunakan untuk DoS chaining) {New Cve Bug}", "creation_timestamp": "2025-08-03T06:11:01.000000Z"}, {"uuid": "5653b14b-6c46-43a3-8db2-eae10a0c6b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000204", "type": "seen", "source": "https://t.me/cvedetector/964", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48853 - Virtio SCSI swiotlb DMA_INFO LEAK\", \n  \"Content\": \"CVE ID : CVE-2022-48853 \nPublished : July 16, 2024, 1:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nswiotlb: fix info leak with DMA_FROM_DEVICE  \n  \nThe problem I'm addressing was discovered by the LTP test covering  \ncve-2018-1000204.  \n  \nA short description of what happens follows:  \n1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO  \n   interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV  \n   and a corresponding dxferp. The peculiar thing about this is that TUR  \n   is not reading from the device.  \n2) In sg_start_req() the invocation of blk_rq_map_user() effectively  \n   bounces the user-space buffer. As if the device was to transfer into  \n   it. Since commit a45b599ad808 (\"scsi: sg: allocate with __GFP_ZERO in  \n   sg_build_indirect()\") we make sure this first bounce buffer is  \n   allocated with GFP_ZERO.  \n3) For the rest of the story we keep ignoring that we have a TUR, so the  \n   device won't touch the buffer we prepare as if the we had a  \n   DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device  \n   and the  buffer allocated by SG is mapped by the function  \n   virtqueue_add_split() which uses DMA_FROM_DEVICE for the \"in\" sgs (here  \n   scatter-gather and not scsi generics). This mapping involves bouncing  \n   via the swiotlb (we need swiotlb to do virtio in protected guest like  \n   s390 Secure Execution, or AMD SEV).  \n4) When the SCSI TUR is done, we first copy back the content of the second  \n   (that is swiotlb) bounce buffer (which most likely contains some  \n   previous IO data), to the first bounce buffer, which contains all  \n   zeros.  Then we copy back the content of the first bounce buffer to  \n   the user-space buffer.  \n5) The test case detects that the buffer, which it zero-initialized,  \n  ain't all zeros and fails.  \n  \nOne can argue that this is an swiotlb problem, because without swiotlb  \nwe leak all zeros, and the swiotlb should be transparent in a sense that  \nit does not affect the outcome (if all other participants are well  \nbehaved).  \n  \nCopying the content of the original buffer into the swiotlb buffer is  \nthe only way I can think of to make swiotlb transparent in such  \nscenarios. So let's do just that if in doubt, but allow the driver  \nto tell us that the whole mapped buffer is going to be overwritten,  \nin which case we can preserve the old behavior and avoid the performance  \nimpact of the extra bounce. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T16:17:06.000000Z"}, {"uuid": "76fad509-f6bb-4eb0-8b37-92fcc9434e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000600", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/9", "content": "CVE-2018-1000600 Jenkins GitHub \u4fe1\u606f\u6cc4\u6f0f\nhttps://www.pwnwiki.org/index.php?title=CVE-2018-1000600_Jenkins_GitHub_%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F", "creation_timestamp": "2021-09-21T06:42:55.000000Z"}, {"uuid": "55697ed1-00d1-4689-a98f-9a40558e52a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "published-proof-of-concept", "source": "https://t.me/netrunnerz/438", "content": "Jenkins RCE 2019\nCVE-2018-1000861\nCVE-2019-1003005\nCVE-2019-1003029\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435:\n$ curl -s -I http://jenkins/| grep X-Jenkins\nX-Jenkins: 2.137\nX-Jenkins-Session: 20f72c2e\nX-Jenkins-CLI-Port: 50000\nX-Jenkins-CLI2-Port: 50000\n\n$ python exp.py http://jenkins/ 'curl orange.tw'\n[*] ANONYMOUS_READ disable!\n[*] Bypass with CVE-2018-1000861!\n[*] Exploit success!(it should be :P)\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nJenkins 2.53\nJenkins 2.122\nJenkins 2.137\nJenkins 2.138 with ANONYMOUS_READ enable\nJenkins 2.152 with ANONYMOUS_READ enable\nJenkins 2.153 with ANONYMOUS_READ enable\nScript Security Plugin 1.43\nScript Security Plugin 1.48", "creation_timestamp": "2023-04-06T10:40:22.000000Z"}, {"uuid": "0a59a86f-ebf1-44c3-9606-b3ccf6b58ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000007", "type": "seen", "source": "https://t.me/ctinow/168337", "content": "https://ift.tt/iy9qex3\nCVE-2018-1000007 | Oracle Fujitsu M10-1 cURL information disclosure (ID 1040274)", "creation_timestamp": "2024-01-15T13:36:46.000000Z"}, {"uuid": "2c216a73-f9e2-4554-a0ef-fcea57b19ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000892", "type": "seen", "source": "https://t.me/cibsecurity/21249", "content": "\u203c CVE-2018-1000892 \u203c\n\nBitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T21:13:10.000000Z"}, {"uuid": "0a8c5c19-5603-4260-9caa-05c82c63a0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000007", "type": "seen", "source": "https://t.me/cibsecurity/32625", "content": "\u203c CVE-2021-27023 \u203c\n\nA flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-18T18:16:03.000000Z"}, {"uuid": "d1b4a026-e46c-41b9-97a2-618634325815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000893", "type": "seen", "source": "https://t.me/cibsecurity/21246", "content": "\u203c CVE-2018-1000893 \u203c\n\nBitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T21:13:06.000000Z"}, {"uuid": "f71f4bc0-a94f-4f09-92b1-cfb554e73b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000891", "type": "seen", "source": "https://t.me/cibsecurity/21244", "content": "\u203c CVE-2018-1000891 \u203c\n\nBitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T21:13:03.000000Z"}, {"uuid": "6e915dbc-e95b-4226-bae4-4acae0a040e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000006", "type": "seen", "source": "https://t.me/itsecalert/86", "content": "\u26a0\ufe0f Signal, Skype, Slack, Rot, Keeper and all other  Electron apps contain a remote code execution vulnerability. Electron released a fix.\n\n* Affected Desktop apps: Signal, Skype, Slack, Rot, Keeper (and many others - see https://yt.gl/electronapps)\n* Electron Apps with default prtocol handler (like myapp:// ) are vulnerable \n* The devlopers should generate an update asap\n\nAdvice: Do not click on any untrusted links. Do not allow webpages to open electron desktop apps.\n\nIf you develop (!) Electron Apps, please update to the newest versions: 1.8.2-beta.4, 1.7.11 and 1.6.16 and send an update to your customers. \nSkype (newest version) and slack (3.0.3) are already fixed.\n\"Full\" list of all Electron Apps: https://yt.gl/electronapps\n\nmacOS and Linux are not vulnerable to this issue.\nCVE-2018-1000006 \n(Severity: \ud83d\udd38 high ) More Info: https://yt.gl/p0xta\n#alert #severityhigh #electron #windows\n\nThanks to @JonasMuc and @CyborgRel from the @itsectalk admin team for reporting and gathering information on this vulernability. Please forward the info to the team responsible for updating desktop apps!", "creation_timestamp": "2018-01-24T21:13:37.000000Z"}, {"uuid": "602ed201-c871-425c-b6b4-77680734002b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000007", "type": "seen", "source": "https://t.me/SecLabNews/1380", "content": "\u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 libcurl \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2018-1000007), \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 libcurl \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 \u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\u0445.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 libcurl \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438", "creation_timestamp": "2018-01-26T08:15:37.000000Z"}, {"uuid": "92b0c0f1-728d-4585-ba1c-b18b76835150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000006", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/3841", "content": "Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)\nhttps://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html", "creation_timestamp": "2018-05-24T18:29:30.000000Z"}, {"uuid": "6714d491-a376-4608-b3b5-35163a76c46d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000136", "type": "seen", "source": "https://t.me/canyoupwnme/3752", "content": "CVE-2018-1000136 - Electron nodeIntegration Bypass\nhttps://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/", "creation_timestamp": "2018-05-12T16:05:19.000000Z"}, {"uuid": "46d1252e-ff39-4af4-a9ec-c737734a535d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000006", "type": "seen", "source": "https://t.me/SecLabNews/2281", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Electron \u043e\u0442 GitHub \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2018-1000006, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u041e\u0421 Windows. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u0443 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 URL-\u0430\u0434\u0440\u0435\u0441\u0443.    \n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Electron \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435", "creation_timestamp": "2018-05-25T16:27:51.000000Z"}, {"uuid": "051ec3da-bd75-4caf-945c-739ff30420b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000001", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/3018", "content": "Libc Realpath Buffer Underflow CVE-2018-1000001\nhttps://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/", "creation_timestamp": "2018-01-12T22:00:21.000000Z"}, {"uuid": "6e2bc056-9754-4692-8d94-157720f0f3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "https://t.me/SecLabNews/5845", "content": "\u041a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 WatchBog \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 web-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Pastebin \u0434\u043b\u044f C&C-\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439. \u0414\u0430\u043d\u043d\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 \u0435\u0449\u0435 \u0441 2018 \u0433\u043e\u0434\u0430 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b Monero, \u043e\u0434\u043d\u0430\u043a\u043e \u0432 \u0438\u044e\u043b\u0435 \u043d\u044b\u043d\u0435\u0448\u043d\u0435\u0433\u043e \u0433\u043e\u0434\u0430 \u0432\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0431\u044b\u043b \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043a\u043e\u0434 \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 BlueKeep \u0432 Windows. \u0411\u043e\u0442\u043d\u0435\u0442 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0442\u0430\u043a\u0438\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u0430\u043a CVE-2018-1000861 (\u0432 Jenkins), CVE-2019-11581 (Jira), CVE-2019-10149 (Exim) \u0438 CVE-2019-0192 (Sol).    \n\u041a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 WatchBog \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 Pastebin \u043a\u0430\u043a C&C-\u0441\u0435\u0440\u0432\u0435\u0440", "creation_timestamp": "2019-09-13T14:05:15.000000Z"}, {"uuid": "18a61c3e-027a-41cb-b31f-c09d0563a9f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000136", "type": "exploited", "source": "https://t.me/SecLabNews/2179", "content": "\u0412\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Electron \u043e\u0442 GitHub \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2018-1000136, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u0438 PoC-\u043a\u043e\u0434 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0411\u0440\u0435\u043d\u0434\u0430\u043d\u043e\u043c \u0421\u043a\u0430\u0440\u0432\u0435\u043b\u043b\u043e\u043c (Brendan Scarvell), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0434\u0430\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.    \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Electron \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u043e\u0442\u0435\u043d \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439", "creation_timestamp": "2018-05-14T09:50:15.000000Z"}, {"uuid": "83ed9114-143f-48f7-81d8-82361f88014c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000890", "type": "seen", "source": "https://t.me/cibsecurity/1799", "content": "ATENTION\u203c New - CVE-2018-1000890\n\nFrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter \"filterType\" in /attachments.php that can allow the attacker to grab the entire database of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:06.000000Z"}, {"uuid": "7272a26f-63d4-41db-91e4-d505be575d26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000625", "type": "seen", "source": "https://t.me/cibsecurity/1809", "content": "ATENTION\u203c New - CVE-2018-1000625\n\nBattelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:18.000000Z"}, {"uuid": "90f75bf4-5645-40d3-83ee-3b9ad56547af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000624", "type": "seen", "source": "https://t.me/cibsecurity/1810", "content": "ATENTION\u203c New - CVE-2018-1000624\n\nBattelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:19.000000Z"}, {"uuid": "35c5082c-06bb-43c6-82e5-ac64d447fe9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000889", "type": "seen", "source": "https://t.me/cibsecurity/1800", "content": "ATENTION\u203c New - CVE-2018-1000889\n\nLogisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:07.000000Z"}, {"uuid": "1ea55a26-a57b-4748-b4a4-15319b1bdd10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000626", "type": "seen", "source": "https://t.me/cibsecurity/1808", "content": "ATENTION\u203c New - CVE-2018-1000626\n\nBattelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:14.000000Z"}, {"uuid": "22941c01-e6b2-4996-a159-c497dff854b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000888", "type": "seen", "source": "https://t.me/cibsecurity/1801", "content": "ATENTION\u203c New - CVE-2018-1000888\n\nPEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:08.000000Z"}, {"uuid": "e8c86708-f357-4862-81f7-c586a57fdd69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000887", "type": "seen", "source": "https://t.me/cibsecurity/1802", "content": "ATENTION\u203c New - CVE-2018-1000887\n\nPeel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the \"Site Name EN\" parameter. This attack appears to be exploitable if the malicious user has access to the administration account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:09.000000Z"}, {"uuid": "d3bc7f42-0f2e-4a7b-9d82-b08e5f3662c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000631", "type": "seen", "source": "https://t.me/cibsecurity/1803", "content": "ATENTION\u203c New - CVE-2018-1000631\n\nBattelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:10.000000Z"}, {"uuid": "a06f394e-1003-4272-92a3-71716c8523cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000630", "type": "seen", "source": "https://t.me/cibsecurity/1804", "content": "ATENTION\u203c New - CVE-2018-1000630\n\nBattelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:11.000000Z"}, {"uuid": "5ab8ad4f-ef46-427d-ae47-5ff5e76b7d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000629", "type": "seen", "source": "https://t.me/cibsecurity/1805", "content": "ATENTION\u203c New - CVE-2018-1000629\n\nBattelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:12.000000Z"}, {"uuid": "8dda6585-8f17-432d-9e4b-eb355c7ce68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000628", "type": "seen", "source": "https://t.me/cibsecurity/1806", "content": "ATENTION\u203c New - CVE-2018-1000628\n\nBattelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding \"[]\" to the end of \"key\" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:13.000000Z"}, {"uuid": "1a6bcde7-4e77-4c9a-ab20-a8ceba08b09e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000627", "type": "seen", "source": "https://t.me/cibsecurity/1807", "content": "ATENTION\u203c New - CVE-2018-1000627\n\nBattelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-12-28T18:22:13.000000Z"}, {"uuid": "a07b89cf-6799-4a74-9e40-c21b8a4ff5c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}, {"uuid": "d3a6d453-d1f7-48a5-87af-707701d98c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-08)", "content": "", "creation_timestamp": "2026-05-08T00:00:00.000000Z"}, {"uuid": "5cc9078c-8f79-4c0e-bbd3-f60b316e4cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-01)", "content": "", "creation_timestamp": "2026-05-01T00:00:00.000000Z"}, {"uuid": "0f4c5915-4513-4733-b5fb-15117ac53eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-07)", "content": "", "creation_timestamp": "2026-05-07T00:00:00.000000Z"}, {"uuid": "1bec090b-e34e-41f6-a6ff-ac569cbe148a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-01)", "content": "", "creation_timestamp": "2026-05-01T00:00:00.000000Z"}, {"uuid": "8ef9b4ee-3b28-4549-8e54-686457e426f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-03)", "content": "", "creation_timestamp": "2026-05-03T00:00:00.000000Z"}, {"uuid": "e7fdec80-8388-47a6-9b73-92690649bde9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-03)", "content": "", "creation_timestamp": "2026-05-03T00:00:00.000000Z"}, {"uuid": "c10da176-0bc8-4c48-a3f5-15f413f35818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000620", "type": "seen", "source": "https://gist.github.com/steig/ddd6193b319e8b70af8f2659034a7922", "content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# supply-chain-audit.sh \u2014 Developer supply chain security audit\n#\n# Merged edition: Joe Petrini's broad ecosystem coverage + additions for\n# MCP servers, curated known-bad-packages, gh CLI scopes, shell history secrets,\n# registry-hijack lockfile scans, and CI-friendly JSON/filter output.\n#\n# Usage:\n#   curl -fsSL  | bash\n#   bash supply-chain-audit.sh ~/code            # scan specific dirs\n#   bash supply-chain-audit.sh --fix             # generate remediation script\n#   bash supply-chain-audit.sh --json            # one finding per line as JSON\n#   bash supply-chain-audit.sh --only npm,mcp    # run only these groups\n#   bash supply-chain-audit.sh --skip homebrew   # skip groups\n#   bash supply-chain-audit.sh --no-prompt       # never ask, never scan\n#   bash supply-chain-audit.sh --list-groups     # show all group IDs\n#\n# Verify before piping to bash:\n#   curl -fsSL  -o /tmp/a.sh\n#   shasum -a 256 /tmp/a.sh  # compare to published sha256\n#   bash /tmp/a.sh\n\nVERSION=\"2.0.0\"\n\n# \u2500\u2500 Configuration \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# Directories to scan for dependency manifests, lockfiles, and workflow files.\n# Override with: SCAN_DIRS=\"/path/one /path/two\" ./supply-chain-audit.sh\n# Or pass as arguments: ./supply-chain-audit.sh ~/code ~/work/projects\n\nSCAN_DIRS=\"${SCAN_DIRS:-}\"\n\n# Max depth for file searches within scan directories (default: 5)\nSCAN_DEPTH=\"${SCAN_DEPTH:-5}\"\n\nDEFAULT_SCAN_DIRS=(\"$HOME/code\" \"$HOME/projects\" \"$HOME/src\" \"$HOME/dev\")\n\n# \u2500\u2500 Colors & Output \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\nRED=$'\\033[0;31m'\nYELLOW=$'\\033[0;33m'\nGREEN=$'\\033[0;32m'\nBLUE=$'\\033[0;34m'\nCYAN=$'\\033[0;36m'\nBOLD=$'\\033[1m'\nDIM=$'\\033[2m'\nNC=$'\\033[0m'\n\nCRIT_COUNT=0\nWARN_COUNT=0\nPASS_COUNT=0\nINFO_COUNT=0\n\nFINDINGS=()\n\n# CLI-controlled output modes (set in main())\nJSON_MODE=${JSON_MODE:-0}\nQUIET=${QUIET:-0}\nONLY_GROUPS=\"\"\nSKIP_GROUPS=\"\"\nCURRENT_GROUP=\"\"\n\n# Check if a group should be processed (called by section())\ngroup_enabled() {\n  local g=\"$1\"\n  if [[ -n \"$ONLY_GROUPS\" ]]; then\n    [[ \",$ONLY_GROUPS,\" == *\",$g,\"* ]] || return 1\n  fi\n  if [[ -n \"$SKIP_GROUPS\" ]]; then\n    [[ \",$SKIP_GROUPS,\" == *\",$g,\"* ]] && return 1\n  fi\n  return 0\n}\n\n# JSON helper \u2014 escape strings without jq dep\n_j_esc() { printf '%s' \"$1\" | sed 's/\\\\/\\\\\\\\/g; s/\"/\\\\\"/g; s/\t/\\\\t/g'; }\n\n_emit_json() {\n  # args: severity tool message fix\n  printf '{\"severity\":\"%s\",\"group\":\"%s\",\"message\":\"%s\",\"fix\":\"%s\"}\\n' \\\n    \"$1\" \"$(_j_esc \"$2\")\" \"$(_j_esc \"$3\")\" \"$(_j_esc \"$4\")\"\n}\n\ncrit()  {\n  ((++CRIT_COUNT)); FINDINGS+=(\"CRIT|$1|$2|${3:-}\")\n  if [[ $JSON_MODE -eq 1 ]]; then _emit_json critical \"$1\" \"$2\" \"${3:-}\"; return; fi\n  [[ $QUIET -eq 1 ]] && { printf \"  ${RED}\u2717 CRITICAL${NC}  %s\\n\" \"$2\"; [[ -n \"${3:-}\" ]] && printf \"      ${DIM}fix:${NC} %s\\n\" \"$3\"; return; }\n  printf \"  ${RED}\u2717 CRITICAL${NC}  %s\\n\" \"$2\"\n  [[ -n \"${3:-}\" ]] && printf \"      ${DIM}fix:${NC} %s\\n\" \"$3\"\n}\nwarn()  {\n  ((++WARN_COUNT)); FINDINGS+=(\"WARN|$1|$2|${3:-}\")\n  if [[ $JSON_MODE -eq 1 ]]; then _emit_json warning \"$1\" \"$2\" \"${3:-}\"; return; fi\n  [[ $QUIET -eq 1 ]] && { printf \"  ${YELLOW}\u26a0 WARNING${NC}   %s\\n\" \"$2\"; [[ -n \"${3:-}\" ]] && printf \"      ${DIM}fix:${NC} %s\\n\" \"$3\"; return; }\n  printf \"  ${YELLOW}\u26a0 WARNING${NC}   %s\\n\" \"$2\"\n  [[ -n \"${3:-}\" ]] && printf \"      ${DIM}fix:${NC} %s\\n\" \"$3\"\n}\npass()  {\n  ((++PASS_COUNT)); FINDINGS+=(\"PASS|$1|$2|\")\n  if [[ $JSON_MODE -eq 1 ]]; then _emit_json pass \"$1\" \"$2\" \"\"; return; fi\n  [[ $QUIET -eq 1 ]] && return\n  printf \"  ${GREEN}\u2713 OK${NC}        %s\\n\" \"$2\"\n}\ninfo()  {\n  ((++INFO_COUNT)); FINDINGS+=(\"INFO|$1|$2|${3:-}\")\n  if [[ $JSON_MODE -eq 1 ]]; then _emit_json info \"$1\" \"$2\" \"${3:-}\"; return; fi\n  [[ $QUIET -eq 1 ]] && return\n  printf \"  ${BLUE}\u2139 INFO${NC}      %s\\n\" \"$2\"\n}\n\nsection() {\n  # If second arg provided, use as machine-readable group; else derive from\n  # first word lowercased so existing call sites work unchanged.\n  if [[ $# -ge 2 && -n \"$2\" ]]; then\n    CURRENT_GROUP=\"$2\"\n  else\n    CURRENT_GROUP=\"$(printf '%s' \"$1\" | awk '{print tolower($1)}')\"\n  fi\n  [[ $JSON_MODE -eq 1 ]] && return\n  [[ $QUIET -eq 1 ]] && return\n  printf \"\\n${BOLD}${CYAN}\u2501\u2501\u2501 %s${NC}\\n\" \"$1\"\n}\n\n# group-gated wrapper: skip an audit function entirely if its group is filtered\ngroup_run() {\n  local group=\"$1\"; shift\n  group_enabled \"$group\" || return 0\n  \"$@\"\n}\n\ninstalled() {\n  command -v \"$1\" &>/dev/null\n}\n\nresolve_scan_dirs() {\n  local provided_dirs=()\n  local invalid_dirs=()\n  local arg\n\n  for arg in \"$@\"; do\n    if [[ -d \"$arg\" ]]; then\n      provided_dirs+=(\"$arg\")\n    else\n      invalid_dirs+=(\"$arg\")\n    fi\n  done\n\n  if [[ ${#invalid_dirs[@]} -gt 0 ]]; then\n    printf \"  %sIgnoring non-directory path(s): %s%s\\n\" \"$YELLOW\" \"${invalid_dirs[*]}\" \"$NC\" >&2\n  fi\n\n  if [[ ${#provided_dirs[@]} -gt 0 ]]; then\n    CODE_DIRS=(\"${provided_dirs[@]}\")\n    return 0\n  fi\n\n  if [[ -n \"$SCAN_DIRS\" ]]; then\n    read -ra CODE_DIRS <<< \"$SCAN_DIRS\"\n    return 0\n  fi\n\n  # --no-prompt or --json bypass interaction entirely\n  if [[ \"${AUDIT_NO_PROMPT:-0}\" -eq 1 || \"$JSON_MODE\" -eq 1 ]]; then\n    CODE_DIRS=(\"${DEFAULT_SCAN_DIRS[@]}\")\n  # Try /dev/tty so curl|bash works (stdin is the script, but tty still exists)\n  elif [[ -r /dev/tty && -w /dev/tty ]]; then\n    local defaults_display=\"${DEFAULT_SCAN_DIRS[*]}\"\n    local response\n    local response_lc\n\n    printf \"\\nNo scan directories were provided.\\n\"\n    printf \"Default scan directories: %s\\n\" \"$defaults_display\"\n    printf \"Press Enter to use defaults, type custom paths, or q to quit: \"\n    read -r response < /dev/tty\n    response_lc=$(printf \"%s\" \"$response\" | tr '[:upper:]' '[:lower:]')\n\n    case \"$response_lc\" in\n      \"\"|\"y\"|\"yes\")\n        CODE_DIRS=(\"${DEFAULT_SCAN_DIRS[@]}\")\n        ;;\n      \"q\"|\"quit\"|\"exit\")\n        printf \"Audit cancelled. Pass paths explicitly or set SCAN_DIRS to run non-interactively.\\n\" >&2\n        return 2\n        ;;\n      *)\n        read -ra CODE_DIRS <<< \"$response\"\n        ;;\n    esac\n  else\n    printf \"  %sNo scan directories provided and no tty available; using defaults. Pass DIRS or set SCAN_DIRS to override.%s\\n\" \"$YELLOW\" \"$NC\" >&2\n    CODE_DIRS=(\"${DEFAULT_SCAN_DIRS[@]}\")\n  fi\n\n  local missing=()\n  local existing=()\n  local dir\n  for dir in \"${CODE_DIRS[@]}\"; do\n    if [[ -d \"$dir\" ]]; then\n      existing+=(\"$dir\")\n    else\n      missing+=(\"$dir\")\n    fi\n  done\n\n  if [[ ${#missing[@]} -gt 0 ]]; then\n    printf \"  %sSkipping missing scan path(s): %s%s\\n\" \"$YELLOW\" \"${missing[*]}\" \"$NC\" >&2\n  fi\n\n  CODE_DIRS=(\"${existing[@]}\")\n\n  if [[ ${#CODE_DIRS[@]} -eq 0 ]]; then\n    printf \"No valid scan directories selected. Pass existing directories or set SCAN_DIRS.\\n\" >&2\n    return 2\n  fi\n}\n\n# \u2500\u2500 npm \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_npm() {\n  section \"npm ($(npm --version 2>/dev/null || echo 'unknown'))\"\n\n  local ignore_scripts\n  ignore_scripts=$(npm config get ignore-scripts 2>/dev/null || echo \"undefined\")\n  if [[ \"$ignore_scripts\" == \"true\" ]]; then\n    pass \"npm\" \"ignore-scripts is enabled globally\"\n  else\n    crit \"npm\" \"Lifecycle scripts run on install (preinstall/postinstall)\" \\\n      \"npm config set ignore-scripts true\"\n  fi\n\n  local audit_setting\n  audit_setting=$(npm config get audit 2>/dev/null || echo \"true\")\n  if [[ \"$audit_setting\" == \"true\" ]]; then\n    pass \"npm\" \"npm audit is enabled\"\n  else\n    warn \"npm\" \"npm audit is disabled\" \\\n      \"npm config set audit true\"\n  fi\n\n  local package_lock\n  package_lock=$(npm config get package-lock 2>/dev/null || echo \"true\")\n  if [[ \"$package_lock\" == \"true\" ]]; then\n    pass \"npm\" \"package-lock is enabled\"\n  else\n    warn \"npm\" \"package-lock is disabled \u2014 installs are non-deterministic\" \\\n      \"npm config set package-lock true\"\n  fi\n\n  # Check for custom registries (potential dependency confusion)\n  local registry\n  registry=$(npm config get registry 2>/dev/null || echo \"\")\n  if [[ \"$registry\" == \"https://registry.npmjs.org/\" ]]; then\n    pass \"npm\" \"Using official npm registry\"\n  else\n    info \"npm\" \"Custom registry: $registry \u2014 verify this is trusted\" \"\"\n  fi\n\n\t  # Check for .npmrc files with custom registries in common locations\n\t  if [[ -f \"$HOME/.npmrc\" ]]; then\n\t    local custom_registries\n\t    custom_registries=$(grep -E \"^registry=|^@.*:registry=\" \"$HOME/.npmrc\" 2>/dev/null | grep -v \"registry.npmjs.org\" || true)\n\t    if [[ -n \"$custom_registries\" ]]; then\n\t      info \"npm\" \"Custom registries in ~/.npmrc \u2014 verify these are trusted\" \"\"\n\t    fi\n\n\t    if grep -qiE '^\\s*strict-ssl\\s*=\\s*false' \"$HOME/.npmrc\" 2>/dev/null; then\n\t      crit \"npm\" \"strict-ssl=false in ~/.npmrc \u2014 TLS certificate validation is disabled\" \\\n\t        \"npm config set strict-ssl true\"\n\t    fi\n\n\t    if grep -qiE '(_authToken|_auth|username|password)\\s*=' \"$HOME/.npmrc\" 2>/dev/null; then\n\t      warn \"npm\" \"Credentials or tokens appear in ~/.npmrc \u2014 prefer environment variables or scoped automation tokens\" \\\n\t        \"Review ~/.npmrc and move tokens out of persistent dotfiles where possible\"\n\t    fi\n\n\t    if grep -qiE '^\\s*always-auth\\s*=\\s*true' \"$HOME/.npmrc\" 2>/dev/null; then\n\t      info \"npm\" \"always-auth=true in ~/.npmrc \u2014 tokens may be sent to every matching registry request\" \\\n\t        \"Scope tokens to the smallest possible registry and package namespace\"\n\t    fi\n\t  fi\n\t}\n\n# \u2500\u2500 pnpm \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_pnpm() {\n  section \"pnpm ($(pnpm --version 2>/dev/null || echo 'unknown'))\"\n\n  local ignore_scripts\n  ignore_scripts=$(pnpm config get ignore-scripts 2>/dev/null || echo \"undefined\")\n  if [[ \"$ignore_scripts\" == \"true\" ]]; then\n    pass \"pnpm\" \"ignore-scripts is enabled\"\n  else\n    crit \"pnpm\" \"Lifecycle scripts run on install\" \\\n      \"pnpm config set ignore-scripts true\"\n  fi\n\n  info \"pnpm\" \"Consider using pnpm.onlyBuiltDependencies in package.json to allowlist specific packages\" \\\n    \"Add to package.json: { \\\"pnpm\\\": { \\\"onlyBuiltDependencies\\\": [\\\"esbuild\\\"] } }\"\n}\n\n# \u2500\u2500 yarn \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_yarn() {\n  local yarn_ver\n  yarn_ver=$(yarn --version 2>/dev/null || echo \"unknown\")\n  section \"Yarn ($yarn_ver)\"\n\n  if [[ \"$yarn_ver\" == 1.* ]]; then\n    warn \"yarn\" \"Yarn Classic (v1) \u2014 consider upgrading to Yarn Berry (v3+) for better security\" \"\"\n  fi\n  info \"yarn\" \"Check .yarnrc.yml for enableScripts: false in project roots\" \\\n    \"Add to .yarnrc.yml: enableScripts: false\"\n}\n\n# \u2500\u2500 bun \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_bun() {\n  section \"Bun ($(bun --version 2>/dev/null || echo 'unknown'))\"\n  pass \"bun\" \"Bun disables lifecycle scripts by default \u2014 secure by design\"\n  info \"bun\" \"Use --trust to allowlist specific packages that need scripts\" \"\"\n}\n\n# \u2500\u2500 pip \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_pip() {\n  local pip_cmd=\"${1:-pip3}\"\n  section \"$pip_cmd ($(${pip_cmd} --version 2>/dev/null | awk '{print $2}' || echo 'unknown'))\"\n\n  # Check for require-hashes in pip config\n  local pip_conf=\"$HOME/.config/pip/pip.conf\"\n  local pip_conf_alt=\"$HOME/Library/Application Support/pip/pip.conf\"\n  local has_require_hashes=false\n\n  for conf in \"$pip_conf\" \"$pip_conf_alt\"; do\n    if [[ -f \"$conf\" ]] && grep -qi \"require-hashes\" \"$conf\" 2>/dev/null; then\n      has_require_hashes=true\n    fi\n  done\n\n  if $has_require_hashes; then\n    pass \"$pip_cmd\" \"require-hashes is configured\"\n  else\n    warn \"$pip_cmd\" \"require-hashes not set \u2014 packages installed without hash verification\" \\\n      \"Add to ~/.config/pip/pip.conf under [global]: require-hashes = true\"\n  fi\n\n\t  # Check for trusted-host (this DISABLES TLS verification)\n\t  for conf in \"$pip_conf\" \"$pip_conf_alt\"; do\n\t    if [[ -f \"$conf\" ]] && grep -qi \"trusted-host\" \"$conf\" 2>/dev/null; then\n\t      crit \"$pip_cmd\" \"trusted-host found in pip config \u2014 this DISABLES TLS verification for that host\" \\\n\t        \"Remove trusted-host from $conf unless it's an internal HTTP-only mirror\"\n\t    fi\n\t    if [[ -f \"$conf\" ]] && grep -qiE \"^\\s*extra-index-url\\s*=\" \"$conf\" 2>/dev/null; then\n\t      warn \"$pip_cmd\" \"extra-index-url found in pip config \u2014 vulnerable to dependency confusion if package names overlap\" \\\n\t        \"Prefer a single index-url proxy that mirrors public packages and hosts private packages\"\n\t    fi\n\t    if [[ -f \"$conf\" ]] && grep -qiE \"^\\s*index-url\\s*=\\s*http://\" \"$conf\" 2>/dev/null; then\n\t      crit \"$pip_cmd\" \"pip index-url uses HTTP \u2014 package metadata and downloads can be intercepted\" \\\n\t        \"Use an HTTPS package index or trusted internal TLS endpoint\"\n\t    fi\n\t  done\n\n  # Check if pip-audit is available\n  if installed pip-audit; then\n    pass \"$pip_cmd\" \"pip-audit is installed\"\n  else\n    info \"$pip_cmd\" \"pip-audit not installed \u2014 recommended for vulnerability scanning\" \\\n      \"${pip_cmd} install pip-audit\"\n  fi\n}\n\n# \u2500\u2500 uv \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_uv() {\n  section \"uv ($(uv --version 2>/dev/null | awk '{print $2}' || echo 'unknown'))\"\n  pass \"uv\" \"uv generates lockfiles with hashes by default \u2014 more secure than pip\"\n  pass \"uv\" \"uv does not run setup.py by default \u2014 uses wheel metadata\"\n  info \"uv\" \"Set require-hashes = true in uv.toml for extra safety\" \\\n    \"Add to uv.toml: require-hashes = true\"\n}\n\n# \u2500\u2500 conda \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_conda() {\n  section \"conda ($(conda --version 2>/dev/null | awk '{print $2}' || echo 'unknown'))\"\n\n  local condarc=\"$HOME/.condarc\"\n\n  if [[ -f \"$condarc\" ]]; then\n    if grep -q \"channel_priority: strict\" \"$condarc\" 2>/dev/null; then\n      pass \"conda\" \"channel_priority is strict\"\n    else\n      warn \"conda\" \"channel_priority not set to strict \u2014 risk of channel hijacking\" \\\n        \"Add to ~/.condarc: channel_priority: strict\"\n    fi\n\n    if grep -q \"ssl_verify: false\" \"$condarc\" 2>/dev/null; then\n      crit \"conda\" \"SSL verification is disabled\" \\\n        \"Set ssl_verify: true in ~/.condarc\"\n    else\n      pass \"conda\" \"SSL verification is enabled\"\n    fi\n\n    if grep -q \"auto_update_conda: false\" \"$condarc\" 2>/dev/null; then\n      pass \"conda\" \"Auto-update of conda is disabled\"\n    else\n      warn \"conda\" \"conda auto-updates itself \u2014 could pull compromised binary\" \\\n        \"Add to ~/.condarc: auto_update_conda: false\"\n    fi\n  else\n    warn \"conda\" \"No ~/.condarc found \u2014 using defaults (flexible channel priority)\" \\\n      \"Create ~/.condarc with: channel_priority: strict\"\n  fi\n}\n\n# \u2500\u2500 cargo \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_cargo() {\n  section \"Cargo ($(cargo --version 2>/dev/null | awk '{print $2}' || echo 'unknown'))\"\n\n  if installed cargo-audit; then\n    pass \"cargo\" \"cargo-audit is installed\"\n  else\n    warn \"cargo\" \"cargo-audit not installed \u2014 no vulnerability scanning\" \\\n      \"cargo install cargo-audit\"\n  fi\n\n  if installed cargo-vet; then\n    pass \"cargo\" \"cargo-vet is installed (supply chain audit)\"\n  else\n    info \"cargo\" \"cargo-vet not installed \u2014 Mozilla's supply chain review tool\" \\\n      \"cargo install cargo-vet\"\n  fi\n\n  warn \"cargo\" \"build.rs scripts run with full system access \u2014 no stable sandboxing exists\" \\\n    \"Review build.rs in dependencies: find ~/.cargo/registry -name build.rs | head -20\"\n}\n\n# \u2500\u2500 go \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_go() {\n  section \"Go ($(go version 2>/dev/null | awk '{print $3}' || echo 'unknown'))\"\n\n  local gosumdb\n  gosumdb=$(go env GOSUMDB 2>/dev/null || echo \"\")\n  if [[ \"$gosumdb\" == \"off\" ]]; then\n    crit \"go\" \"GOSUMDB=off \u2014 public module checksum verification is disabled\" \\\n      \"go env -w GOSUMDB=sum.golang.org\"\n  else\n    pass \"go\" \"GOSUMDB is enabled (${gosumdb:-default})\"\n  fi\n\n  local gonosumdb\n  gonosumdb=$(go env GONOSUMDB 2>/dev/null || echo \"\")\n  if [[ -z \"$gonosumdb\" ]]; then\n    pass \"go\" \"GONOSUMDB is empty \u2014 modules use checksum database unless private\"\n  elif [[ \"$gonosumdb\" == \"*\" ]]; then\n    crit \"go\" \"GONOSUMDB=* \u2014 ALL checksum verification is disabled\" \\\n      \"go env -w GONOSUMDB=''\"\n  else\n    info \"go\" \"GONOSUMDB=$gonosumdb \u2014 matching modules skip public checksum verification\" \"\"\n  fi\n\n  local goproxy\n  goproxy=$(go env GOPROXY 2>/dev/null || echo \"\")\n  if [[ \"$goproxy\" == \"direct\" ]]; then\n    warn \"go\" \"GOPROXY=direct \u2014 bypasses module proxy caching and checksum mirror workflow\" \\\n      \"go env -w GOPROXY=https://proxy.golang.org,direct\"\n  else\n    pass \"go\" \"GOPROXY is set to ${goproxy:-default}\"\n  fi\n\n  local goflags\n  goflags=$(go env GOFLAGS 2>/dev/null || echo \"\")\n  if [[ \"$goflags\" == *\"-mod=readonly\"* || \"$goflags\" == *\"-mod=vendor\"* ]]; then\n    pass \"go\" \"GOFLAGS includes -mod=readonly or -mod=vendor\"\n  else\n    warn \"go\" \"GOFLAGS does not enforce read-only module graph\" \\\n      \"go env -w GOFLAGS='-mod=readonly'\"\n  fi\n\n  if installed govulncheck; then\n    pass \"go\" \"govulncheck is installed\"\n  else\n    info \"go\" \"govulncheck not installed \u2014 official Go vulnerability checker\" \\\n      \"go install golang.org/x/vuln/cmd/govulncheck@latest\"\n  fi\n}\n\n# \u2500\u2500 homebrew \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_homebrew() {\n  section \"Homebrew ($(brew --version 2>/dev/null | head -1 | awk '{print $2}' || echo 'unknown'))\"\n\n  # Check for third-party taps\n  local taps\n  taps=$(brew tap 2>/dev/null || echo \"\")\n  local third_party\n  third_party=$(echo \"$taps\" | grep -v \"^homebrew/\" || true)\n  if [[ -n \"$third_party\" ]]; then\n    local tap_count\n    tap_count=$(echo \"$third_party\" | wc -l | tr -d ' ')\n    warn \"homebrew\" \"$tap_count third-party tap(s) installed \u2014 verify these are trusted\" \\\n      \"Review: brew tap | grep -v homebrew/\"\n    while IFS= read -r tap; do\n      [[ -n \"$tap\" ]] && info \"homebrew\" \"  Third-party tap: $tap\" \"\"\n    done <<< \"$third_party\"\n  else\n    pass \"homebrew\" \"No third-party taps installed\"\n  fi\n\n  if [[ \"${HOMEBREW_NO_AUTO_UPDATE:-0}\" == \"1\" ]]; then\n    pass \"homebrew\" \"HOMEBREW_NO_AUTO_UPDATE=1 \u2014 manual update control\"\n  else\n    info \"homebrew\" \"Auto-update is enabled (default) \u2014 consider manual control\" \\\n      \"export HOMEBREW_NO_AUTO_UPDATE=1  # add to ~/.zshrc\"\n  fi\n\n  if [[ \"${HOMEBREW_NO_ANALYTICS:-0}\" == \"1\" ]]; then\n    pass \"homebrew\" \"Analytics are disabled\"\n  else\n    warn \"homebrew\" \"Analytics are enabled \u2014 sends telemetry to Homebrew\" \\\n      \"export HOMEBREW_NO_ANALYTICS=1  # add to ~/.zshrc\"\n  fi\n\n  local cask_opts=\"${HOMEBREW_CASK_OPTS:-}\"\n  if [[ \"$cask_opts\" == *\"--no-quarantine\"* ]]; then\n    crit \"homebrew\" \"HOMEBREW_CASK_OPTS contains --no-quarantine \u2014 bypasses macOS Gatekeeper\" \\\n      \"Remove --no-quarantine from HOMEBREW_CASK_OPTS in ~/.zshrc\"\n  else\n    pass \"homebrew\" \"Cask quarantine is enabled (Gatekeeper active)\"\n  fi\n}\n\n# \u2500\u2500 VS Code \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_vscode() {\n  local code_cmd=\"\"\n  if installed code; then\n    code_cmd=\"code\"\n  elif installed code-insiders; then\n    code_cmd=\"code-insiders\"\n  fi\n\n  section \"VS Code ($code_cmd)\"\n\n  local settings_file=\"$HOME/Library/Application Support/Code/User/settings.json\"\n  if [[ \"$code_cmd\" == \"code-insiders\" ]]; then\n    settings_file=\"$HOME/Library/Application Support/Code - Insiders/User/settings.json\"\n  fi\n\n  if [[ ! -f \"$settings_file\" ]]; then\n    info \"vscode\" \"No settings.json found at expected path\" \"\"\n    return\n  fi\n\n  # Helper to read a VS Code setting from JSONC\n  _vscode_setting() {\n    python3 -c \"\nimport json, re\nwith open('$settings_file') as f:\n    content = f.read()\n    content = re.sub(r'//.*$', '', content, flags=re.MULTILINE)\n    content = re.sub(r'/\\*.*?\\*/', '', content, flags=re.DOTALL)\n    content = re.sub(r',\\s*([}\\]])', r'\\1', content)\n    try:\n        d = json.loads(content)\n        print(d.get('$1', 'NOT_SET'))\n    except: print('PARSE_ERROR')\n\" 2>/dev/null || echo \"PARSE_ERROR\"\n  }\n\n  # Check autoUpdate\n  local auto_update\n  auto_update=$(_vscode_setting \"extensions.autoUpdate\")\n\n  if [[ \"$auto_update\" == \"false\" || \"$auto_update\" == \"False\" ]]; then\n    pass \"vscode\" \"Extension auto-update is disabled\"\n  elif [[ \"$auto_update\" == \"PARSE_ERROR\" ]]; then\n    info \"vscode\" \"Could not parse settings.json \u2014 check manually\" \"\"\n  else\n    crit \"vscode\" \"Extension auto-update is enabled \u2014 compromised updates install silently\" \\\n      \"Add to VS Code settings.json: \\\"extensions.autoUpdate\\\": false\"\n  fi\n\n  # Check autoCheckUpdates\n  local auto_check\n  auto_check=$(_vscode_setting \"extensions.autoCheckUpdates\")\n\n  if [[ \"$auto_check\" == \"false\" || \"$auto_check\" == \"False\" ]]; then\n    pass \"vscode\" \"Extension auto-check for updates is disabled\"\n  elif [[ \"$auto_check\" != \"PARSE_ERROR\" ]]; then\n    warn \"vscode\" \"Extension auto-check for updates is enabled\" \\\n      \"Add to VS Code settings.json: \\\"extensions.autoCheckUpdates\\\": false\"\n  fi\n\n  # Check task.allowAutomaticTasks\n  local auto_tasks\n  auto_tasks=$(_vscode_setting \"task.allowAutomaticTasks\")\n\n  if [[ \"$auto_tasks\" == \"off\" ]]; then\n    pass \"vscode\" \"Automatic task execution is disabled\"\n  elif [[ \"$auto_tasks\" != \"PARSE_ERROR\" ]]; then\n    crit \"vscode\" \"Automatic tasks enabled \u2014 .vscode/tasks.json can execute code on folder open\" \\\n      \"Add to VS Code settings.json: \\\"task.allowAutomaticTasks\\\": \\\"off\\\"\"\n  fi\n\n  # Check workspace trust\n  local workspace_trust\n  workspace_trust=$(_vscode_setting \"security.workspace.trust.enabled\")\n\n  if [[ \"$workspace_trust\" == \"false\" || \"$workspace_trust\" == \"False\" ]]; then\n    crit \"vscode\" \"Workspace Trust is disabled \u2014 all folders are trusted\" \\\n      \"Set in VS Code settings.json: \\\"security.workspace.trust.enabled\\\": true\"\n  else\n    pass \"vscode\" \"Workspace Trust is enabled (or default)\"\n  fi\n\n  # Count installed extensions\n  if [[ -n \"$code_cmd\" ]]; then\n    local ext_count\n    ext_count=$($code_cmd --list-extensions 2>/dev/null | wc -l | tr -d ' ')\n    info \"vscode\" \"$ext_count extensions installed \u2014 review periodically\" \\\n      \"$code_cmd --list-extensions\"\n  fi\n}\n\n# \u2500\u2500 Docker \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_docker() {\n  section \"Docker ($(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',' || echo 'unknown'))\"\n\n  if [[ \"${DOCKER_CONTENT_TRUST:-0}\" == \"1\" ]]; then\n    info \"docker\" \"DOCKER_CONTENT_TRUST=1 is set, but Docker Content Trust is legacy and has limited modern coverage\" \\\n      \"Prefer digest-pinned images plus cosign/notation verification for critical images\"\n  else\n    info \"docker\" \"Docker Content Trust is not enabled; use digest pinning and modern signature verification instead\" \\\n      \"Pin Dockerfiles with @sha256 and verify important images with cosign or notation\"\n  fi\n\n  # Check credential storage\n  local docker_config=\"$HOME/.docker/config.json\"\n  if [[ -f \"$docker_config\" ]]; then\n    local creds_store\n    creds_store=$(python3 -c \"\nimport json\nwith open('$docker_config') as f:\n    d = json.load(f)\n    print(d.get('credsStore', 'NONE'))\n\" 2>/dev/null || echo \"UNKNOWN\")\n\n    if [[ \"$creds_store\" == \"osxkeychain\" || \"$creds_store\" == \"desktop\" ]]; then\n      pass \"docker\" \"Credentials stored in macOS Keychain ($creds_store)\"\n    elif [[ \"$creds_store\" == \"NONE\" ]]; then\n      warn \"docker\" \"No credential store configured \u2014 credentials may be in plaintext\" \\\n        \"Add to ~/.docker/config.json: \\\"credsStore\\\": \\\"osxkeychain\\\"\"\n    else\n      info \"docker\" \"Credential store: $creds_store\" \"\"\n    fi\n\n    # Check for stored auth tokens in plaintext\n    local has_auths\n    has_auths=$(python3 -c \"\nimport json\nwith open('$docker_config') as f:\n    d = json.load(f)\n    auths = d.get('auths', {})\n    has_auth = any('auth' in v for v in auths.values() if isinstance(v, dict))\n    print('yes' if has_auth else 'no')\n\" 2>/dev/null || echo \"unknown\")\n\n    if [[ \"$has_auths\" == \"yes\" ]]; then\n      crit \"docker\" \"Plaintext credentials found in ~/.docker/config.json\" \\\n        \"Use a credential store: docker-credential-osxkeychain\"\n    fi\n  fi\n}\n\n# \u2500\u2500 Git Hooks \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_git() {\n  section \"Git ($(git --version 2>/dev/null | awk '{print $3}' || echo 'unknown'))\"\n\n  # Check global hooks path\n  local hooks_path\n  hooks_path=$(git config --global core.hooksPath 2>/dev/null || echo \"NOT_SET\")\n  if [[ \"$hooks_path\" == \"NOT_SET\" || -z \"$hooks_path\" ]]; then\n    info \"git\" \"No global core.hooksPath set \u2014 repos use their own .git/hooks/\" \\\n      \"git config --global core.hooksPath ~/.git-hooks  # to control hook execution\"\n  else\n    pass \"git\" \"Global hooks path: $hooks_path\"\n  fi\n\n  # Check for filter drivers (clean/smudge can execute arbitrary code)\n  local filters\n  filters=$(git config --global --get-regexp 'filter\\..*\\.(clean|smudge)' 2>/dev/null || true)\n  if [[ -n \"$filters\" ]]; then\n    warn \"git\" \"Git filter drivers configured \u2014 these execute on checkout/staging\" \\\n      \"Review: git config --global --get-regexp filter\"\n  fi\n\n  # Check safe.directory\n  local safe_dirs\n  safe_dirs=$(git config --global --get-all safe.directory 2>/dev/null || true)\n  if [[ \"$safe_dirs\" == \"*\" ]]; then\n    crit \"git\" \"safe.directory is set to * \u2014 trusts ALL directories\" \\\n      \"git config --global --unset-all safe.directory && add specific paths\"\n  elif [[ -n \"$safe_dirs\" ]]; then\n    info \"git\" \"safe.directory has explicit entries \u2014 review periodically\" \"\"\n  fi\n}\n\n# \u2500\u2500 GitHub Actions \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_github_actions() {\n  section \"GitHub Actions (local workflow files)\"\n\n  local code_dirs=(\"${CODE_DIRS[@]}\" \".\")\n  local unpinned_count=0\n  local scanned_files=0\n\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r workflow; do\n      ((++scanned_files))\n      local unpinned\n      unpinned=$(python3 - \"$workflow\" <<'PY' 2>/dev/null || true\nimport re\nimport sys\n\nworkflow = sys.argv[1]\nbad = []\nuses_re = re.compile(r\"^\\s*uses:\\s*['\\\"]?([^'\\\"\\s#]+)\")\nsha_re = re.compile(r\"^[a-fA-F0-9]{40}$\")\n\nwith open(workflow, encoding=\"utf-8\", errors=\"ignore\") as fh:\n    for lineno, line in enumerate(fh, 1):\n        match = uses_re.search(line)\n        if not match:\n            continue\n\n        spec = match.group(1)\n        if spec.startswith((\"./\", \"../\")):\n            continue\n\n        if spec.startswith(\"docker://\"):\n            if \"@sha256:\" not in spec:\n                bad.append(f\"{lineno}:{line.rstrip()}\")\n            continue\n\n        if \"@\" not in spec:\n            bad.append(f\"{lineno}:{line.rstrip()}\")\n            continue\n\n        ref = spec.rsplit(\"@\", 1)[1]\n        if not sha_re.fullmatch(ref):\n            bad.append(f\"{lineno}:{line.rstrip()}\")\n\n        if len(bad) >= 5:\n            break\n\nprint(\"\\n\".join(bad))\nPY\n)\n      if [[ -n \"$unpinned\" ]]; then\n        ((++unpinned_count))\n        if [[ $unpinned_count -le 3 ]]; then\n          local rel_path=\"${workflow#\"$HOME\"/}\"\n          warn \"github-actions\" \"Unpinned action refs in ~/$rel_path (tags, branches, or docker tags)\" \\\n            \"Pin to SHA: npm install -g pin-github-action && pin-github-action $workflow\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -path '*/.github/workflows/*.yml' -o -path '*/.github/workflows/*.yaml' \\) 2>/dev/null || true)\n  done\n\n  if [[ $scanned_files -eq 0 ]]; then\n    info \"github-actions\" \"No workflow files found in common code directories\" \"\"\n  elif [[ $unpinned_count -eq 0 ]]; then\n    pass \"github-actions\" \"All $scanned_files workflow files use pinned references\"\n  else\n    [[ $unpinned_count -gt 3 ]] && warn \"github-actions\" \"...and $((unpinned_count - 3)) more files with unpinned actions\" \"\"\n    info \"github-actions\" \"Use pin-github-action to auto-pin: npx pin-github-action \" \"\"\n  fi\n}\n\n# \u2500\u2500 Chrome Extensions \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_chrome() {\n  section \"Chrome Extensions\"\n\n  local chrome_ext_dir=\"$HOME/Library/Application Support/Google/Chrome/Default/Extensions\"\n  if [[ ! -d \"$chrome_ext_dir\" ]]; then\n    info \"chrome\" \"Chrome extensions directory not found\" \"\"\n    return\n  fi\n\n  local ext_count=0\n  local high_perm_count=0\n\n  for dir in \"$chrome_ext_dir\"/*/; do\n    [[ -d \"$dir\" ]] || continue\n    ((++ext_count))\n    local manifest\n    manifest=$(find \"$dir\" -name \"manifest.json\" -maxdepth 2 2>/dev/null | head -1)\n    if [[ -f \"$manifest\" ]]; then\n      local has_all_urls\n      has_all_urls=$(python3 -c \"\nimport json\ntry:\n    m = json.load(open('$manifest'))\n    perms = m.get('permissions', []) + m.get('host_permissions', [])\n    perms_str = ' '.join(str(p) for p in perms)\n    if '' in perms_str or '*://*/*' in perms_str or 'cookies' in perms_str:\n        print('yes')\n    else:\n        print('no')\nexcept: print('error')\n\" 2>/dev/null || echo \"error\")\n      [[ \"$has_all_urls\" == \"yes\" ]] && ((++high_perm_count))\n    fi\n  done\n\n  info \"chrome\" \"$ext_count extensions installed\" \"\"\n  if [[ $high_perm_count -gt 0 ]]; then\n    warn \"chrome\" \"$high_perm_count extension(s) have broad permissions (, cookies, or *://*/*)\" \\\n      \"Audit at chrome://extensions \u2014 review permissions for each extension\"\n  else\n    pass \"chrome\" \"No extensions with broad permissions detected\"\n  fi\n}\n\n# \u2500\u2500 Ruby/Bundler \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_ruby() {\n  section \"Ruby/Bundler ($(ruby --version 2>/dev/null | awk '{print $2}' || echo 'unknown'))\"\n\n  if installed bundle; then\n    if installed bundler-audit || gem list -i bundler-audit &>/dev/null; then\n      pass \"ruby\" \"bundler-audit is installed\"\n    else\n      info \"ruby\" \"bundler-audit not installed \u2014 vulnerability scanning for gems\" \\\n        \"gem install bundler-audit\"\n    fi\n\n    local frozen\n    frozen=$(bundle config get frozen 2>/dev/null | grep -o 'true\\|false' | head -1 || echo \"unknown\")\n    if [[ \"$frozen\" == \"true\" ]]; then\n      pass \"ruby\" \"Bundler frozen mode is enabled\"\n    else\n      warn \"ruby\" \"Bundler frozen mode is not set \u2014 Gemfile.lock can mutate\" \\\n        \"bundle config set --global frozen true\"\n    fi\n  fi\n}\n\n# \u2500\u2500 Dependency Pinning Audit \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_dependency_pinning() {\n  section \"Dependency Pinning (project files)\"\n\n  local code_dirs=(\"${CODE_DIRS[@]}\")\n  # \u2500\u2500 Python: requirements.txt \u2500\u2500\n  local py_unpinned_files=0\n  local py_unpinned_total=0\n  local py_no_hash_files=0\n  local py_files_checked=0\n\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r reqfile; do\n      ((++py_files_checked))\n      local rel=\"${reqfile#\"$HOME\"/}\"\n\n      # Check for unpinned deps (lines without == that aren't comments/flags/blanks)\n      local unpinned\n      unpinned=$(grep -cE '^[a-zA-Z][a-zA-Z0-9_.-]*\\s*($|[>/dev/null || true)\n      unpinned=\"${unpinned//[^0-9]/}\"\n      unpinned=\"${unpinned:-0}\"\n      if [[ $unpinned -gt 0 ]]; then\n        ((++py_unpinned_files))\n        py_unpinned_total=$((py_unpinned_total + unpinned))\n        if [[ $py_unpinned_files -le 3 ]]; then\n          warn \"deps-python\" \"$unpinned unpinned dep(s) in ~/$rel\" \\\n            \"Pin with ==: pip-compile --generate-hashes $reqfile\"\n        fi\n      fi\n\n      # Check for missing hashes\n      if ! grep -q -- '--hash=' \"$reqfile\" 2>/dev/null; then\n        ((++py_no_hash_files))\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"requirements*.txt\" -not -path \"*/node_modules/*\" -not -path \"*/.venv/*\" -not -path \"*/venv/*\" -not -path \"*/.tox/*\" 2>/dev/null || true)\n  done\n\n  if [[ $py_files_checked -gt 0 ]]; then\n    if [[ $py_unpinned_files -gt 0 ]]; then\n      [[ $py_unpinned_files -gt 3 ]] && warn \"deps-python\" \"...and $((py_unpinned_files - 3)) more requirements files with unpinned deps\" \"\"\n      crit \"deps-python\" \"$py_unpinned_total unpinned Python dep(s) across $py_unpinned_files file(s) \u2014 builds can pull compromised versions\" \\\n        \"Use pip-compile --generate-hashes or pin all deps with ==\"\n    else\n      pass \"deps-python\" \"All $py_files_checked requirements file(s) have pinned versions\"\n    fi\n    if [[ $py_no_hash_files -gt 0 ]]; then\n      warn \"deps-python\" \"$py_no_hash_files requirements file(s) without --hash verification\" \\\n        \"pip-compile --generate-hashes requirements.in\"\n    fi\n  fi\n\n  # \u2500\u2500 Python: pyproject.toml loose constraints \u2500\u2500\n  local pyproj_loose=0\n  local pyproj_checked=0\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r pyproj; do\n      ((++pyproj_checked))\n      local rel=\"${pyproj#\"$HOME\"/}\"\n      # Look for dependencies with >= or ~= or > or * (loose constraints)\n      local loose\n\t      loose=$(python3 - \"$pyproj\" <<'PY' 2>/dev/null || echo \"0\"\nimport re\nimport sys\n\npath = sys.argv[1]\ntry:\n    try:\n        import tomllib\n    except ModuleNotFoundError:\n        import tomli as tomllib\n\n    with open(path, \"rb\") as fh:\n        data = tomllib.load(fh)\n\n    specs = []\n\n    def add_spec(value):\n        if isinstance(value, str):\n            specs.append(value)\n        elif isinstance(value, list):\n            for item in value:\n                add_spec(item)\n        elif isinstance(value, dict):\n            version = value.get(\"version\")\n            if version is not None:\n                add_spec(str(version))\n            for nested in value.values():\n                if isinstance(nested, (list, dict)):\n                    add_spec(nested)\n\n    project = data.get(\"project\", {})\n    add_spec(project.get(\"dependencies\", []))\n    add_spec(project.get(\"optional-dependencies\", {}))\n    add_spec(data.get(\"dependency-groups\", {}))\n\n    poetry = data.get(\"tool\", {}).get(\"poetry\", {})\n    add_spec(poetry.get(\"dependencies\", {}))\n    add_spec(poetry.get(\"group\", {}))\n    add_spec(poetry.get(\"dev-dependencies\", {}))\n\n    loose = 0\n    for spec in specs:\n        s = str(spec).strip()\n        if not s or s.lower().startswith(\"python\"):\n            continue\n        if re.search(r\"(^|[<>=!,\\s])([>~^*]|>=|>|!=)|\\*\", s):\n            loose += 1\n        elif re.match(r\"^[A-Za-z0-9_.-]+$\", s):\n            loose += 1\n\n    print(loose)\nexcept Exception:\n    print(0)\nPY\n)\n      loose=\"${loose//[^0-9]/}\"\n      loose=\"${loose:-0}\"\n      if [[ $loose -gt 0 ]]; then\n        ((++pyproj_loose))\n        if [[ $pyproj_loose -le 2 ]]; then\n          warn \"deps-python\" \"$loose loosely pinned dep(s) in ~/$rel\" \\\n            \"Consider pinning to exact versions in production dependencies\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"pyproject.toml\" -not -path \"*/node_modules/*\" -not -path \"*/.venv/*\" 2>/dev/null || true)\n  done\n\n  # \u2500\u2500 JavaScript: missing lockfiles \u2500\u2500\n  local js_no_lock=0\n  local js_checked=0\n  local js_unpinned_files=0\n\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r pkgjson; do\n      local dir\n      dir=$(dirname \"$pkgjson\")\n      local rel=\"${dir#\"$HOME\"/}\"\n      ((++js_checked))\n\n      # Check for ANY lockfile\n      if [[ ! -f \"$dir/package-lock.json\" && ! -f \"$dir/yarn.lock\" && ! -f \"$dir/pnpm-lock.yaml\" && ! -f \"$dir/bun.lockb\" && ! -f \"$dir/bun.lock\" ]]; then\n        ((++js_no_lock))\n        if [[ $js_no_lock -le 3 ]]; then\n          crit \"deps-js\" \"No lockfile in ~/$rel \u2014 builds are non-deterministic\" \\\n            \"cd ~/$rel && npm install  # generates package-lock.json\"\n        fi\n      fi\n\n      # Check for dangerous version ranges: *, latest, >=, or no range at all\n      local dangerous\n      dangerous=$(python3 -c \"\nimport json\ntry:\n    pkg = json.load(open('$pkgjson'))\n    count = 0\n    for section in ['dependencies', 'devDependencies']:\n        deps = pkg.get(section, {})\n        for name, ver in deps.items():\n            v = str(ver).strip()\n            if v in ('*', 'latest', '') or v.startswith('>=') or v.startswith('>'):\n                count += 1\n    print(count)\nexcept: print(0)\n\" 2>/dev/null || echo \"0\")\n      dangerous=\"${dangerous//[^0-9]/}\"\n      dangerous=\"${dangerous:-0}\"\n      if [[ $dangerous -gt 0 ]]; then\n        ((++js_unpinned_files))\n        if [[ $js_unpinned_files -le 3 ]]; then\n          warn \"deps-js\" \"$dangerous wildcard/unpinned dep(s) in ~/$rel/package.json (*, latest, >=)\" \\\n            \"Pin to specific semver ranges: npm pkg fix\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"package.json\" -not -path \"*/node_modules/*\" -not -path \"*/.next/*\" -not -path \"*/dist/*\" -not -path \"*/.turbo/*\" 2>/dev/null || true)\n  done\n\n  if [[ $js_checked -gt 0 ]]; then\n    if [[ $js_no_lock -gt 0 ]]; then\n      [[ $js_no_lock -gt 3 ]] && crit \"deps-js\" \"...and $((js_no_lock - 3)) more JS projects without lockfiles\" \"\"\n    else\n      pass \"deps-js\" \"All $js_checked JS project(s) have lockfiles\"\n    fi\n    if [[ $js_unpinned_files -gt 3 ]]; then\n      warn \"deps-js\" \"...and $((js_unpinned_files - 3)) more package.json files with wildcard deps\" \"\"\n    fi\n  fi\n\n  # \u2500\u2500 Rust: Cargo.toml without Cargo.lock \u2500\u2500\n  local cargo_no_lock=0\n  local cargo_checked=0\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r cargotoml; do\n      local dir\n      dir=$(dirname \"$cargotoml\")\n      # Only check if it looks like a binary project (has [[bin]] or default main.rs)\n      if [[ -f \"$dir/src/main.rs\" ]] || grep -q '\\[\\[bin\\]\\]' \"$cargotoml\" 2>/dev/null; then\n        ((++cargo_checked))\n        if [[ ! -f \"$dir/Cargo.lock\" ]]; then\n          ((++cargo_no_lock))\n          local rel=\"${dir#\"$HOME\"/}\"\n          if [[ $cargo_no_lock -le 2 ]]; then\n            warn \"deps-rust\" \"No Cargo.lock in ~/$rel \u2014 binary builds are non-deterministic\" \\\n              \"cd ~/$rel && cargo generate-lockfile && git add Cargo.lock\"\n          fi\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"Cargo.toml\" -not -path \"*/target/*\" 2>/dev/null || true)\n  done\n\n  if [[ $cargo_checked -gt 0 && $cargo_no_lock -eq 0 ]]; then\n    pass \"deps-rust\" \"All $cargo_checked Rust binary project(s) have Cargo.lock\"\n  fi\n\n  # \u2500\u2500 Go: go.mod without go.sum \u2500\u2500\n  local go_no_sum=0\n  local go_checked=0\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r gomod; do\n      local dir\n      dir=$(dirname \"$gomod\")\n      ((++go_checked))\n      if [[ ! -f \"$dir/go.sum\" ]]; then\n        ((++go_no_sum))\n        local rel=\"${dir#\"$HOME\"/}\"\n        if [[ $go_no_sum -le 2 ]]; then\n          warn \"deps-go\" \"No go.sum in ~/$rel \u2014 module checksums not tracked\" \\\n            \"cd ~/$rel && go mod tidy\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"go.mod\" -not -path \"*/vendor/*\" 2>/dev/null || true)\n  done\n\n  if [[ $go_checked -gt 0 && $go_no_sum -eq 0 ]]; then\n    pass \"deps-go\" \"All $go_checked Go project(s) have go.sum\"\n  fi\n\n  # \u2500\u2500 Docker: Dockerfiles with unpinned base images \u2500\u2500\n  local docker_unpinned=0\n  local docker_checked=0\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n    while IFS= read -r dockerfile; do\n      ((++docker_checked))\n\t      # Check external FROM images without @sha256 digest pinning.\n\t      # Multi-stage aliases are allowed, but external base images with \"AS\" still need a digest.\n\t      local real_unpinned\n\t      real_unpinned=$(python3 - \"$dockerfile\" <<'PY' 2>/dev/null || echo \"0\"\nimport re\nimport sys\n\npath = sys.argv[1]\nstages = set()\nunpinned = 0\nfrom_re = re.compile(r\"^\\s*FROM\\s+(.+)$\", re.IGNORECASE)\n\nwith open(path, encoding=\"utf-8\", errors=\"ignore\") as fh:\n    for raw in fh:\n        line = raw.split(\"#\", 1)[0].strip()\n        match = from_re.match(line)\n        if not match:\n            continue\n\n        tokens = match.group(1).split()\n        while tokens and tokens[0].startswith(\"--\"):\n            tokens.pop(0)\n        if not tokens:\n            continue\n\n        image = tokens[0]\n        lower_tokens = [token.lower() for token in tokens]\n        if \"as\" in lower_tokens:\n            idx = lower_tokens.index(\"as\")\n            if idx + 1 < len(tokens):\n                stages.add(tokens[idx + 1])\n\n        if image == \"scratch\" or image in stages:\n            continue\n        if \"@sha256:\" not in image:\n            unpinned += 1\n\nprint(unpinned)\nPY\n)\n      real_unpinned=\"${real_unpinned//[^0-9]/}\"\n      real_unpinned=\"${real_unpinned:-0}\"\n      if [[ $real_unpinned -gt 0 ]]; then\n        ((++docker_unpinned))\n        local rel=\"${dockerfile#\"$HOME\"/}\"\n        if [[ $docker_unpinned -le 3 ]]; then\n          warn \"deps-docker\" \"Unpinned base image(s) in ~/$rel \u2014 tags are mutable\" \\\n            \"Pin by digest: FROM image@sha256:abc123...\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"Dockerfile\" -o -name \"Dockerfile.*\" -o -name \"*.dockerfile\" \\) -not -path \"*/node_modules/*\" 2>/dev/null || true)\n  done\n\n  if [[ $docker_checked -gt 0 ]]; then\n    if [[ $docker_unpinned -eq 0 ]]; then\n      pass \"deps-docker\" \"All $docker_checked Dockerfile(s) use digest-pinned base images\"\n    else\n      [[ $docker_unpinned -gt 3 ]] && warn \"deps-docker\" \"...and $((docker_unpinned - 3)) more Dockerfiles with unpinned images\" \"\"\n    fi\n  fi\n\n  # Summary line\n  local total_scanned=$((py_files_checked + js_checked + cargo_checked + go_checked + docker_checked + pyproj_checked))\n  if [[ $total_scanned -eq 0 ]]; then\n    info \"deps\" \"No dependency files found in common code directories ($HOME/code, etc.)\" \"\"\n  else\n    info \"deps\" \"Scanned $total_scanned dependency manifest(s) across ${#code_dirs[@]} directories\" \"\"\n\t  fi\n\t}\n\n# \u2500\u2500 Secrets & Local Credentials \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_local_credentials() {\n  section \"Local Credentials & Token Surfaces\"\n\n  local credential_files=(\n    \"$HOME/.npmrc\"\n    \"$HOME/.pypirc\"\n    \"$HOME/.netrc\"\n    \"$HOME/.gem/credentials\"\n    \"$HOME/.cargo/credentials\"\n    \"$HOME/.cargo/credentials.toml\"\n    \"$HOME/.docker/config.json\"\n    \"$HOME/.config/gh/hosts.yml\"\n    \"$HOME/.aws/credentials\"\n    \"$HOME/.config/gcloud/application_default_credentials.json\"\n  )\n\n  local found=0\n  for file in \"${credential_files[@]}\"; do\n    [[ -f \"$file\" ]] || continue\n    ((++found))\n\n    case \"$file\" in\n      \"$HOME/.docker/config.json\")\n        if grep -q '\"auth\"' \"$file\" 2>/dev/null; then\n          crit \"credentials\" \"Docker config stores registry auth material in plaintext/base64 form\" \\\n            \"Configure Docker credential helpers and remove auth entries from ~/.docker/config.json\"\n        else\n          info \"credentials\" \"Docker config exists; no inline auth field detected\" \"\"\n        fi\n        ;;\n      *)\n        if grep -qiE '(token|password|secret|_auth|machine|aws_access_key_id|private_key)' \"$file\" 2>/dev/null; then\n          warn \"credentials\" \"Credential-like material found in ${file#\"$HOME\"/}\" \\\n            \"Review permissions and move long-lived secrets to a keychain, password manager, or short-lived auth flow\"\n        else\n          info \"credentials\" \"Credential file exists: ${file#\"$HOME\"/}\" \"\"\n        fi\n        ;;\n    esac\n\n    local mode\n    mode=$(stat -f \"%Lp\" \"$file\" 2>/dev/null || echo \"\")\n    if [[ -n \"$mode\" && \"$mode\" != \"600\" && \"$mode\" != \"400\" ]]; then\n      warn \"credentials\" \"${file#\"$HOME\"/} permissions are $mode, not owner-only\" \\\n        \"chmod 600 \\\"$file\\\"\"\n    fi\n  done\n\n  local ssh_unencrypted=0\n  if [[ -d \"$HOME/.ssh\" ]]; then\n    local key\n    for key in \"$HOME\"/.ssh/id_*; do\n      [[ -f \"$key\" ]] || continue\n      [[ \"$key\" == *.pub || \"$key\" == *known_hosts* || \"$key\" == *config ]] && continue\n      if ssh-keygen -y -P \"\" -f \"$key\" >/dev/null 2>&1; then\n        ((++ssh_unencrypted))\n      fi\n    done\n  fi\n\n  if [[ $ssh_unencrypted -gt 0 ]]; then\n    warn \"credentials\" \"$ssh_unencrypted SSH private key(s) appear to have no passphrase\" \\\n      \"Rotate or add passphrases with: ssh-keygen -p -f ~/.ssh/id_ed25519\"\n  fi\n\n  if [[ $found -eq 0 && $ssh_unencrypted -eq 0 ]]; then\n    pass \"credentials\" \"No common plaintext credential files found\"\n  fi\n}\n\n# \u2500\u2500 Project Attack Patterns \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_project_attack_patterns() {\n  section \"Project Attack Patterns\"\n\n  local code_dirs=(\"${CODE_DIRS[@]}\")\n  local remote_install_files=0\n  local env_secret_files=0\n  local devcontainer_unpinned=0\n  local compose_unpinned=0\n  local broad_actions_permissions=0\n  local git_submodule_files=0\n  local git_filter_files=0\n\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n\n    while IFS= read -r file; do\n      if grep -qiE '(curl|wget)[^|;&]*(\\||>|bash|sh)|bash\\s+<\\(|sh\\s+<\\(' \"$file\" 2>/dev/null; then\n        ((++remote_install_files))\n        if [[ $remote_install_files -le 3 ]]; then\n          warn \"patterns\" \"Remote install script pattern in ${file#\"$HOME\"/}\" \\\n            \"Download, pin, verify checksum/signature, then execute reviewed scripts\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"Makefile\" -o -name \"*.sh\" -o -name \"*.bash\" -o -name \"*.zsh\" -o -name \"Dockerfile*\" -o -name \"*.md\" \\) -not -path \"*/node_modules/*\" -not -path \"*/.git/*\" 2>/dev/null || true)\n\n    while IFS= read -r envfile; do\n      if grep -qiE '(API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY|ACCESS_KEY)\\s*=' \"$envfile\" 2>/dev/null; then\n        ((++env_secret_files))\n        if [[ $env_secret_files -le 3 ]]; then\n          warn \"patterns\" \"Secret-like values in ${envfile#\"$HOME\"/}\" \\\n            \"Keep real secrets out of repo files; use .env.example placeholders and secret managers\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \".env\" -o -name \".env.*\" \\) -not -name \".env.example\" -not -path \"*/node_modules/*\" -not -path \"*/.git/*\" 2>/dev/null || true)\n\n    while IFS= read -r devcontainer; do\n      if grep -qiE '\"image\"\\s*:\\s*\"[^\"]+:(latest|main|master|edge|dev)\"|\"image\"\\s*:\\s*\"[^\"]+\"(,|$)' \"$devcontainer\" 2>/dev/null && ! grep -q '@sha256:' \"$devcontainer\" 2>/dev/null; then\n        ((++devcontainer_unpinned))\n        if [[ $devcontainer_unpinned -le 3 ]]; then\n          warn \"patterns\" \"Devcontainer image is not digest-pinned in ${devcontainer#\"$HOME\"/}\" \\\n            \"Pin devcontainer images with @sha256 and review devcontainer features\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"devcontainer.json\" -o -path \"*/.devcontainer/devcontainer.json\" \\) 2>/dev/null || true)\n\n    while IFS= read -r compose; do\n      if grep -qiE 'image:\\s*[^@[:space:]]+:(latest|main|master|edge|dev)\\b|image:\\s*[^@[:space:]]+\\s*$' \"$compose\" 2>/dev/null; then\n        ((++compose_unpinned))\n        if [[ $compose_unpinned -le 3 ]]; then\n          warn \"patterns\" \"Docker Compose image may be tag-pinned or implicit latest in ${compose#\"$HOME\"/}\" \\\n            \"Pin Compose images by digest for reproducible local services\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"docker-compose.yml\" -o -name \"docker-compose.yaml\" -o -name \"compose.yml\" -o -name \"compose.yaml\" \\) -not -path \"*/node_modules/*\" 2>/dev/null || true)\n\n    while IFS= read -r workflow; do\n      if grep -qiE '^\\s*permissions:\\s*(write-all|read-all)|^\\s*contents:\\s*write|^\\s*id-token:\\s*write' \"$workflow\" 2>/dev/null; then\n        ((++broad_actions_permissions))\n        if [[ $broad_actions_permissions -le 3 ]]; then\n          warn \"patterns\" \"Broad GitHub Actions permissions in ${workflow#\"$HOME\"/}\" \\\n            \"Set least-privilege permissions per workflow/job and require OIDC only where needed\"\n        fi\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -path '*/.github/workflows/*.yml' -o -path '*/.github/workflows/*.yaml' \\) 2>/dev/null || true)\n\n    while IFS= read -r submodule; do\n      ((++git_submodule_files))\n      warn \"patterns\" \"Git submodules found in ${submodule#\"$HOME\"/} \u2014 submodule refs and URLs need review\" \\\n        \"Review .gitmodules URLs, pin submodule commits, and prefer HTTPS/SSH over git://\"\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \".gitmodules\" 2>/dev/null || true)\n\n    while IFS= read -r attrs; do\n      if grep -qiE 'filter=|textconv|diff=.*command' \"$attrs\" 2>/dev/null; then\n        ((++git_filter_files))\n        warn \"patterns\" \"Git attributes can invoke filters/diff drivers in ${attrs#\"$HOME\"/}\" \\\n          \"Review filter, textconv, and diff driver config before opening untrusted repos\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \".gitattributes\" -not -path \"*/.git/*\" 2>/dev/null || true)\n  done\n\n  [[ $remote_install_files -gt 3 ]] && warn \"patterns\" \"...and $((remote_install_files - 3)) more files with remote install patterns\" \"\"\n  [[ $env_secret_files -gt 3 ]] && warn \"patterns\" \"...and $((env_secret_files - 3)) more env files with secret-like values\" \"\"\n  [[ $devcontainer_unpinned -gt 3 ]] && warn \"patterns\" \"...and $((devcontainer_unpinned - 3)) more unpinned devcontainer files\" \"\"\n  [[ $compose_unpinned -gt 3 ]] && warn \"patterns\" \"...and $((compose_unpinned - 3)) more Compose files with unpinned images\" \"\"\n\n  local total_patterns=$((remote_install_files + env_secret_files + devcontainer_unpinned + compose_unpinned + broad_actions_permissions + git_submodule_files + git_filter_files))\n  if [[ $total_patterns -eq 0 ]]; then\n    pass \"patterns\" \"No high-risk project attack patterns found in scanned directories\"\n  fi\n}\n\n# \u2500\u2500 Additional Ecosystems \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_additional_ecosystems() {\n  section \"Additional Ecosystems\"\n\n  local code_dirs=(\"${CODE_DIRS[@]}\")\n  local composer_projects=0\n  local composer_no_lock=0\n  local gradle_projects=0\n  local gradle_no_lock=0\n  local nuget_projects=0\n  local terraform_files=0\n  local terraform_loose=0\n  local swift_projects=0\n  local swift_no_resolved=0\n  local dart_projects=0\n  local dart_no_lock=0\n\n  for base in \"${code_dirs[@]}\"; do\n    [[ -d \"$base\" ]] || continue\n\n    while IFS= read -r composer; do\n      ((++composer_projects))\n      local dir\n      dir=$(dirname \"$composer\")\n      if [[ ! -f \"$dir/composer.lock\" ]]; then\n        ((++composer_no_lock))\n        warn \"deps-php\" \"composer.json without composer.lock in ${dir#\"$HOME\"/}\" \\\n          \"Run composer update intentionally, commit composer.lock, and deploy with composer install\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"composer.json\" -not -path \"*/vendor/*\" 2>/dev/null || true)\n\n    while IFS= read -r gradle; do\n      ((++gradle_projects))\n      local dir\n      dir=$(dirname \"$gradle\")\n      if [[ ! -f \"$dir/gradle.lockfile\" && ! -d \"$dir/gradle/dependency-locks\" ]]; then\n        ((++gradle_no_lock))\n        info \"deps-jvm\" \"Gradle project without dependency locking in ${dir#\"$HOME\"/}\" \\\n          \"Enable dependencyLocking and commit generated lockfiles\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"build.gradle\" -o -name \"build.gradle.kts\" \\) -not -path \"*/.gradle/*\" 2>/dev/null || true)\n\n    while IFS= read -r nuget; do\n      ((++nuget_projects))\n      info \"deps-dotnet\" \"NuGet project detected in ${nuget#\"$HOME\"/}\" \\\n        \"Use packages.lock.json with RestoreLockedMode=true and trusted package sources\"\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" \\( -name \"*.csproj\" -o -name \"packages.config\" -o -name \"Directory.Packages.props\" \\) -not -path \"*/bin/*\" -not -path \"*/obj/*\" 2>/dev/null || true)\n\n    while IFS= read -r tf; do\n      ((++terraform_files))\n      if grep -qE 'version\\s*=\\s*\"(>=|>|~>|.*\\*)' \"$tf\" 2>/dev/null; then\n        ((++terraform_loose))\n        warn \"deps-iac\" \"Loose Terraform/OpenTofu provider constraint in ${tf#\"$HOME\"/}\" \\\n          \"Pin providers tightly and commit .terraform.lock.hcl\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"*.tf\" -not -path \"*/.terraform/*\" 2>/dev/null || true)\n\n    while IFS= read -r swift; do\n      ((++swift_projects))\n      local dir\n      dir=$(dirname \"$swift\")\n      if [[ ! -f \"$dir/Package.resolved\" ]]; then\n        ((++swift_no_resolved))\n        warn \"deps-swift\" \"Swift Package.swift without Package.resolved in ${dir#\"$HOME\"/}\" \\\n          \"Run swift package resolve and commit Package.resolved for apps/tools\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"Package.swift\" -not -path \"*/.build/*\" 2>/dev/null || true)\n\n    while IFS= read -r pubspec; do\n      ((++dart_projects))\n      local dir\n      dir=$(dirname \"$pubspec\")\n      if [[ ! -f \"$dir/pubspec.lock\" ]]; then\n        ((++dart_no_lock))\n        warn \"deps-dart\" \"pubspec.yaml without pubspec.lock in ${dir#\"$HOME\"/}\" \\\n          \"Commit pubspec.lock for apps; use locked installs in CI\"\n      fi\n    done < <(find \"$base\" -maxdepth \"$SCAN_DEPTH\" -name \"pubspec.yaml\" -not -path \"*/.dart_tool/*\" 2>/dev/null || true)\n  done\n\n  [[ $composer_projects -gt 0 && $composer_no_lock -eq 0 ]] && pass \"deps-php\" \"All $composer_projects Composer project(s) have composer.lock\"\n  [[ $gradle_projects -gt 0 && $gradle_no_lock -eq 0 ]] && pass \"deps-jvm\" \"All $gradle_projects Gradle project(s) appear to use dependency locking\"\n  [[ $terraform_files -gt 0 && $terraform_loose -eq 0 ]] && pass \"deps-iac\" \"No loose Terraform provider constraints detected\"\n  [[ $swift_projects -gt 0 && $swift_no_resolved -eq 0 ]] && pass \"deps-swift\" \"All $swift_projects Swift package(s) have Package.resolved\"\n  [[ $dart_projects -gt 0 && $dart_no_lock -eq 0 ]] && pass \"deps-dart\" \"All $dart_projects Dart/Flutter project(s) have pubspec.lock\"\n\n  if [[ $composer_projects -eq 0 && $gradle_projects -eq 0 && $nuget_projects -eq 0 && $terraform_files -eq 0 && $swift_projects -eq 0 && $dart_projects -eq 0 ]]; then\n    info \"ecosystems\" \"No PHP, JVM, .NET, Terraform, Swift, or Dart manifests found in scanned directories\" \"\"\n  fi\n}\n\n# \u2500\u2500 macOS Security Baseline \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_macos() {\n  section \"macOS Security Baseline\"\n\n  # System Integrity Protection\n  local sip_status\n  sip_status=$(csrutil status 2>/dev/null || echo \"unknown\")\n  if [[ \"$sip_status\" == *\"enabled\"* ]]; then\n    pass \"macos\" \"System Integrity Protection (SIP) is enabled\"\n  else\n    crit \"macos\" \"SIP is disabled \u2014 system files are unprotected\" \\\n      \"Reboot to Recovery Mode \u2192 csrutil enable\"\n  fi\n\n  # Gatekeeper\n  local gk_status\n  gk_status=$(spctl --status 2>/dev/null || echo \"unknown\")\n  if [[ \"$gk_status\" == *\"assessments enabled\"* ]]; then\n    pass \"macos\" \"Gatekeeper is enabled\"\n  else\n    crit \"macos\" \"Gatekeeper is disabled \u2014 unsigned apps can run freely\" \\\n      \"sudo spctl --master-enable\"\n  fi\n\n  # FileVault\n  local fv_status\n  fv_status=$(fdesetup status 2>/dev/null || echo \"unknown\")\n  if [[ \"$fv_status\" == *\"On\"* ]]; then\n    pass \"macos\" \"FileVault disk encryption is enabled\"\n  else\n    warn \"macos\" \"FileVault is not enabled \u2014 disk is not encrypted\" \\\n      \"System Settings \u2192 Privacy & Security \u2192 FileVault \u2192 Turn On\"\n  fi\n\n  # Firewall\n  local fw_status\n  fw_status=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null || echo \"unknown\")\n  if [[ \"$fw_status\" == *\"enabled\"* ]]; then\n    pass \"macos\" \"Application firewall is enabled\"\n  else\n    warn \"macos\" \"Application firewall is disabled\" \\\n      \"sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on\"\n  fi\n}\n\n# \u2500\u2500 Vulnerability Scanners \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_scanners() {\n  section \"Vulnerability Scanners (meta-tools)\"\n\n  local has_scanner=false\n\n  if installed osv-scanner; then\n    pass \"scanners\" \"osv-scanner is installed \u2014 multi-ecosystem CVE scanner\"\n    has_scanner=true\n  else\n    info \"scanners\" \"osv-scanner not installed (Google, free, widest coverage)\" \\\n      \"brew install osv-scanner  # or: go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest\"\n  fi\n\n  if installed trivy; then\n    pass \"scanners\" \"trivy is installed \u2014 vulns + secrets + IaC scanning\"\n    has_scanner=true\n  else\n    info \"scanners\" \"trivy not installed (Aqua, free, vuln + secrets + misconfig)\" \\\n      \"brew install trivy\"\n  fi\n\n  if installed grype; then\n    pass \"scanners\" \"grype is installed \u2014 vulnerability scanner\"\n    has_scanner=true\n  else\n    info \"scanners\" \"grype not installed (Anchore, free, image + filesystem)\" \"\"\n  fi\n\n\t  if installed syft; then\n\t    pass \"scanners\" \"syft is installed \u2014 SBOM generation\"\n\t  else\n\t    info \"scanners\" \"syft not installed \u2014 generates SBOMs for compliance/auditing\" \\\n\t      \"brew install syft\"\n\t  fi\n\n  if installed cosign; then\n    pass \"scanners\" \"cosign is installed \u2014 container/artifact signature verification\"\n  else\n    info \"scanners\" \"cosign not installed \u2014 recommended for verifying signed containers and artifacts\" \\\n      \"brew install cosign\"\n  fi\n\n  if installed gitleaks; then\n    pass \"scanners\" \"gitleaks is installed \u2014 repository secret scanning\"\n  else\n    info \"scanners\" \"gitleaks not installed \u2014 catches committed secrets before push\" \\\n      \"brew install gitleaks\"\n  fi\n\n  if installed pre-commit; then\n    pass \"scanners\" \"pre-commit is installed \u2014 useful for local policy gates\"\n  else\n    info \"scanners\" \"pre-commit not installed \u2014 useful for secret and lint hooks before commit\" \\\n      \"brew install pre-commit\"\n  fi\n\n  if ! $has_scanner; then\n    warn \"scanners\" \"No multi-ecosystem vulnerability scanner installed\" \\\n      \"brew install osv-scanner trivy\"\n  fi\n}\n\n# \u2500\u2500 MCP Servers (Claude/Cursor) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# AI coding tools accept MCP server definitions that can run arbitrary code or\n# call arbitrary HTTP endpoints. A single rogue MCP added to ~/.claude.json gives\n# the attacker tool-call access to your sessions.\n\naudit_mcp_servers() {\n  section \"MCP Servers (~/.claude.json)\" \"mcp_servers\"\n\n  local claude_json=\"$HOME/.claude.json\"\n  if [[ ! -f \"$claude_json\" ]]; then\n    info \"mcp\" \"No ~/.claude.json \u2014 Claude Code not configured here\"\n    return\n  fi\n\n  local servers=\"\"\n  if installed jq; then\n    servers=\"$(jq -r '\n      .mcpServers // {} | to_entries[]\n      | \"\\(.key)\\t\\(.value.type // \"stdio\")\\t\\(.value.url // .value.command // \"?\")\"\n    ' \"$claude_json\" 2>/dev/null || true)\"\n  fi\n\n  if [[ -z \"$servers\" ]]; then\n    pass \"mcp\" \"No MCP servers configured\"\n    return\n  fi\n\n  # Known-safe URLs/commands. Anything else gets flagged for manual review.\n  local safe_pattern='^(https://(api\\.anthropic\\.com|dash\\.brain-ai\\.dev|.*\\.githubusercontent\\.com|mcp\\.openai\\.com)|/nix/store/|/usr/local/|/opt/homebrew/|npx |node |uvx |python )'\n\n  while IFS=$'\\t' read -r name typ target; do\n    [[ -z \"$name\" ]] && continue\n    if printf '%s' \"$target\" | grep -qE \"$safe_pattern\"; then\n      pass \"mcp\" \"MCP $name [$typ] \u2192 $target\"\n    else\n      crit \"mcp\" \"Unrecognized MCP server: $name [$typ] \u2192 $target\" \\\n        \"Inspect ~/.claude.json; remove with: jq 'del(.mcpServers.\\\"$name\\\")' ~/.claude.json | sponge ~/.claude.json\"\n    fi\n  done <<< \"$servers\"\n}\n\n# \u2500\u2500 Known-bad packages (offline lockfile match) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# Curated list of compromised packages from 2024\u20132026. Matches against\n# package-lock.json / pnpm-lock.yaml / uv.lock without hitting the network.\n# Update the lists below as new supply-chain incidents are disclosed.\n\naudit_known_bad_pkgs() {\n  section \"Known-bad package signatures\" \"known_bad_pkgs\"\n\n  local KNOWN_BAD_NPM\n  KNOWN_BAD_NPM=$(cat <<'NPMBAD'\n@ctrl/tinycolor|*|GHSA-7vfx-9hwp-c2x4|critical\n@nx/devkit|17.3.0|GHSA-cxm3-wv7p-998c|critical\n@nx/devkit|20.5.0|GHSA-cxm3-wv7p-998c|critical\n@nx/devkit|21.5.0|GHSA-cxm3-wv7p-998c|critical\nnx|17.3.0|GHSA-cxm3-wv7p-998c|critical\nnx|20.5.0|GHSA-cxm3-wv7p-998c|critical\nnx|21.5.0|GHSA-cxm3-wv7p-998c|critical\nngx-bootstrap|18.1.4|shai-hulud-2025|critical\nngx-toastr|19.0.2|shai-hulud-2025|critical\n@crowdstrike/falcon-shoelace|0.4.2|shai-hulud-2025|critical\nevent-stream|3.3.6|CVE-2018-1000620|critical\nua-parser-js|0.7.29|CVE-2021-44906|critical\nua-parser-js|0.8.0|CVE-2021-44906|critical\nua-parser-js|1.0.0|CVE-2021-44906|critical\nrc|1.2.9|GHSA-g2q5-5433-rhrf|critical\nrc|1.3.9|GHSA-g2q5-5433-rhrf|critical\nrc|2.3.9|GHSA-g2q5-5433-rhrf|critical\ncoa|2.0.3|GHSA-73qr-pfmq-6rp6|critical\ncoa|2.0.4|GHSA-73qr-pfmq-6rp6|critical\ncoa|2.1.1|GHSA-73qr-pfmq-6rp6|critical\nnode-ipc|10.1.1|CVE-2022-23812|critical\nnode-ipc|10.1.2|CVE-2022-23812|critical\nnode-ipc|11.0.0|CVE-2022-23812|critical\nnode-ipc|11.1.0|CVE-2022-23812|critical\nflatmap-stream|*|CVE-2018-16487|critical\neslint-scope|3.7.2|CVE-2018-7408|critical\nNPMBAD\n  )\n\n  local KNOWN_BAD_PY\n  KNOWN_BAD_PY=$(cat <<'PYBAD'\nctx|*|CVE-2022-29217|critical\nphpass|*|typosquat|critical\nPYBAD\n  )\n\n  # Match helper: glob \"*\" wildcards, else exact-equal\n  _kbp_match() {\n    local glob=\"$1\" v=\"$2\"\n    [[ \"$glob\" == \"*\" ]] && return 0\n    # shellcheck disable=SC2053\n    [[ \"$v\" == $glob ]]\n  }\n\n  # Extract pkg+version pairs from a lockfile\n  _kbp_extract_npm() {\n    local lf=\"$1\"\n    if installed jq; then\n      jq -r '(.packages // {}) | to_entries[]\n        | select(.key != \"\")\n        | \"\\(.key | sub(\"^node_modules/\"; \"\") | sub(\".*/node_modules/\"; \"\"))\\t\\(.value.version // \"\")\"' \"$lf\" 2>/dev/null\n    fi\n  }\n  _kbp_extract_pnpm() {\n    local lf=\"$1\"\n    grep -oE \"/[@a-zA-Z0-9_./-]+@[0-9][a-zA-Z0-9.+_-]*\" \"$lf\" 2>/dev/null \\\n      | sed 's|^/||' \\\n      | awk -F'@' '{ if (NF==2) print $1 \"\\t\" $2; else if (NF==3) print \"@\" $2 \"\\t\" $3 }'\n  }\n  _kbp_extract_uv() {\n    local lf=\"$1\"\n    awk '\n      /^\\[\\[package\\]\\]/ { in_pkg=1; name=\"\"; ver=\"\"; next }\n      /^\\[/ && !/^\\[\\[package\\]\\]/ { in_pkg=0 }\n      in_pkg && /^name *=/ { gsub(/^name *= *|[\"[:space:]]+/, \"\", $0); name=$0 }\n      in_pkg && /^version *=/ { gsub(/^version *= *|[\"[:space:]]+/, \"\", $0); ver=$0; if(name && ver) print name \"\\t\" ver; name=\"\"; ver=\"\" }\n    ' \"$lf\" 2>/dev/null\n  }\n\n  local hits=0\n  declare -A reported=()\n\n  _kbp_scan() {\n    local lf=\"$1\" extractor=\"$2\" bad_list=\"$3\"\n    local project; project=\"$(dirname \"$lf\")\"\n    while IFS=$'\\t' read -r name ver; do\n      [[ -z \"$name\" || -z \"$ver\" ]] && continue\n      while IFS='|' read -r bn bv cve sev; do\n        [[ -z \"$bn\" ]] && continue\n        if [[ \"$name\" == \"$bn\" ]] && _kbp_match \"$bv\" \"$ver\"; then\n          local key=\"$project|$name@$ver\"\n          [[ -n \"${reported[$key]:-}\" ]] && continue\n          reported[$key]=1\n          crit \"known_bad\" \"$name@$ver ($cve) in $project\" \\\n            \"cd $project && (pnpm up $name@latest || npm i $name@latest)\"\n          hits=$((hits+1))\n        fi\n      done <<< \"$bad_list\"\n    done < <(\"$extractor\" \"$lf\")\n  }\n\n  local dir\n  for dir in \"${CODE_DIRS[@]}\"; do\n    [[ -d \"$dir\" ]] || continue\n    while IFS= read -r -d '' lf; do _kbp_scan \"$lf\" _kbp_extract_npm  \"$KNOWN_BAD_NPM\"; done \\\n      < <(find \"$dir\" -maxdepth \"$SCAN_DEPTH\" -name package-lock.json -not -path '*/node_modules/*' -not -path '*/.git/*' -print0 2>/dev/null)\n    while IFS= read -r -d '' lf; do _kbp_scan \"$lf\" _kbp_extract_pnpm \"$KNOWN_BAD_NPM\"; done \\\n      < <(find \"$dir\" -maxdepth \"$SCAN_DEPTH\" -name pnpm-lock.yaml  -not -path '*/node_modules/*' -not -path '*/.git/*' -print0 2>/dev/null)\n    while IFS= read -r -d '' lf; do _kbp_scan \"$lf\" _kbp_extract_uv   \"$KNOWN_BAD_PY\";  done \\\n      < <(find \"$dir\" -maxdepth \"$SCAN_DEPTH\" -name uv.lock          -not -path '*/.venv/*'        -not -path '*/.git/*' -print0 2>/dev/null)\n  done\n\n  if [[ $hits -eq 0 ]]; then\n    pass \"known_bad\" \"No known-bad packages matched in any scanned lockfile\"\n  fi\n}\n\n# \u2500\u2500 Lockfile registry-hijack check \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# Catches tarball substitution: lockfile claims the official name+version but\n# 'resolved' points to a hostile mirror or arbitrary URL.\n\naudit_registry_hijack() {\n  section \"Lockfile registry-hijack\" \"registry_hijack\"\n  local hits=0\n  local dir\n  for dir in \"${CODE_DIRS[@]}\"; do\n    [[ -d \"$dir\" ]] || continue\n    while IFS= read -r -d '' lf; do\n      while IFS= read -r url; do\n        url=\"${url#*\\\"}\"; url=\"${url%\\\"*}\"\n        [[ -z \"$url\" ]] && continue\n        if ! printf '%s' \"$url\" | grep -qE '^(https://registry\\.npmjs\\.org/|https://registry\\.yarnpkg\\.com/|git\\+ssh://|git\\+https://|github:|file:)'; then\n          crit \"registry\" \"Non-official tarball in ${lf#$dir/}: $url\" \\\n            \"Verify intent; if not, rm lockfile and regenerate from a clean install\"\n          hits=$((hits+1))\n          [[ $hits -ge 15 ]] && return\n        fi\n      done < <(grep -E '\"resolved\":' \"$lf\" 2>/dev/null | grep -oE '\"https?://[^\"]+\"')\n    done < <(find \"$dir\" -maxdepth \"$SCAN_DEPTH\" -name package-lock.json -not -path '*/node_modules/*' -not -path '*/.git/*' -print0 2>/dev/null)\n  done\n  [[ $hits -eq 0 ]] && pass \"registry\" \"All package-lock.json resolutions point to official registries\"\n}\n\n# \u2500\u2500 gh CLI scope audit \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_gh_scopes() {\n  section \"GitHub CLI auth\" \"gh_scopes\"\n  if ! installed gh; then\n    info \"gh\" \"gh CLI not installed\"\n    return\n  fi\n  local stat\n  if ! stat=\"$(gh auth status 2>&1)\"; then\n    info \"gh\" \"gh not logged in\"\n    return\n  fi\n  local scopes\n  scopes=\"$(printf '%s' \"$stat\" | grep -i 'scopes:' | head -1 | sed 's/.*scopes://; s/ //g')\"\n  if [[ -z \"$scopes\" ]]; then\n    info \"gh\" \"Could not parse gh auth scopes\"\n    return\n  fi\n  if printf '%s' \"$scopes\" | grep -qE \"delete_repo|admin:org|admin:enterprise\"; then\n    crit \"gh\" \"gh token has dangerous scopes: $scopes\" \\\n      \"gh auth refresh --scopes repo,read:org   # downgrade\"\n  elif printf '%s' \"$scopes\" | grep -qE \"workflow\"; then\n    warn \"gh\" \"gh token has 'workflow' scope: $scopes\" \\\n      \"If you don't push workflows from CLI: gh auth refresh --scopes repo,read:org\"\n  else\n    pass \"gh\" \"gh token scopes look minimal: $scopes\"\n  fi\n}\n\n# \u2500\u2500 Shell history secret-pattern scan \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\naudit_shell_history() {\n  section \"Shell history secrets\" \"shell_history\"\n  local files=(\"$HOME/.zsh_history\" \"$HOME/.bash_history\" \"$HOME/.local/share/fish/fish_history\")\n  local patterns='AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{30,}|gho_[A-Za-z0-9]{30,}|ghs_[A-Za-z0-9]{30,}|sk-[A-Za-z0-9]{32,}|xoxb-[0-9]+-[0-9]+-[A-Za-z0-9]+|eyJ[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}'\n  local total=0\n  local f\n  for f in \"${files[@]}\"; do\n    [[ -f \"$f\" ]] || continue\n    local n\n    # grep -c always prints a count to stdout (0 when no match) but exits 1\n    # on zero matches. Don't add `|| echo 0` \u2014 it produces \"0\\n0\" \u2192 arithmetic error.\n    n=\"$(grep -cE \"$patterns\" \"$f\" 2>/dev/null)\" || n=0\n    if [[ \"${n:-0}\" -gt 0 ]]; then\n      warn \"history\" \"$n probable-secret hit(s) in ${f/#$HOME/~}\" \\\n        \"Rotate any matching credentials; trim history: grep -vE '' $f > $f.clean && mv $f.clean $f\"\n      total=$((total+n))\n    fi\n  done\n  [[ $total -eq 0 ]] && pass \"history\" \"No obvious secret patterns in shell history\"\n}\n\n# \u2500\u2500 Report Generation \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ngenerate_html_report() {\n  local output_file=\"${1:-/tmp/supply-chain-audit-report.html}\"\n  local timestamp\n  timestamp=$(date \"+%Y-%m-%d %H:%M\")\n\n  cat > \"$output_file\" << 'HTMLHEAD'\n\n\n\n\n\nSupply Chain Security Audit\n\n  * { box-sizing: border-box; }\n  body { margin: 0; background: #0f172a; color: #e2e8f0; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; }\n  .min-h-screen { min-height: 100vh; }\n  .p-4 { padding: 1rem; }\n  .max-w-4xl { max-width: 56rem; }\n  .mx-auto { margin-left: auto; margin-right: auto; }\n  .mb-8 { margin-bottom: 2rem; }\n  .mb-4 { margin-bottom: 1rem; }\n  .mb-3 { margin-bottom: 0.75rem; }\n  .mb-2 { margin-bottom: 0.5rem; }\n  .mt-4 { margin-top: 1rem; }\n  .mt-1 { margin-top: 0.25rem; }\n  .flex { display: flex; }\n  .gap-4 { gap: 1rem; }\n  .p-5 { padding: 1.25rem; }\n  .pl-4 { padding-left: 1rem; }\n  .py-2 { padding-top: 0.5rem; padding-bottom: 0.5rem; }\n  .py-6 { padding-top: 1.5rem; padding-bottom: 1.5rem; }\n  .px-3 { padding-left: 0.75rem; padding-right: 0.75rem; }\n  .py-1 { padding-top: 0.25rem; padding-bottom: 0.25rem; }\n  .rounded { border-radius: 0.25rem; }\n  .rounded-full { border-radius: 9999px; }\n  .text-center { text-align: center; }\n  .text-3xl { font-size: 1.875rem; line-height: 2.25rem; }\n  .text-lg { font-size: 1.125rem; line-height: 1.75rem; }\n  .text-sm { font-size: 0.875rem; line-height: 1.25rem; }\n  .text-xs { font-size: 0.75rem; line-height: 1rem; }\n  .font-bold { font-weight: 700; }\n  .font-semibold { font-weight: 600; }\n  .text-white { color: #fff; }\n  .text-slate-400 { color: #94a3b8; }\n  .text-slate-600 { color: #475569; }\n  .card { background: #1e293b; border: 1px solid #334155; border-radius: 0.75rem; }\n  .crit { border-left: 3px solid #ef4444; background: #7f1d1d20; }\n  .warn { border-left: 3px solid #f59e0b; background: #78350f20; }\n  .pass { border-left: 3px solid #22c55e; }\n  .info { border-left: 3px solid #3b82f6; }\n  code { background: #0f172a; padding: 2px 6px; border-radius: 4px; font-size: 0.85em; }\n  .badge-red { background: #991b1b; color: #fca5a5; }\n  .badge-yellow { background: #854d0e; color: #fde68a; }\n  .badge-green { background: #166534; color: #86efac; }\n  .badge-blue { background: #1e3a5f; color: #93c5fd; }\n  @media (min-width: 768px) { .md\\:p-8 { padding: 2rem; } }\n\n\n\n\n\nHTMLHEAD\n\n  # Header with stats\n  cat >> \"$output_file\" << EOF\n\n\n  \nSupply Chain Security Audit\n  \n$(hostname) · $timestamp · v$VERSION\n  \n\n    $CRIT_COUNT Critical\n    $WARN_COUNT Warnings\n    $PASS_COUNT Passed\n    $INFO_COUNT Info\n  \n\nEOF\n\n  # Findings\n  local current_tool=\"\"\n  for finding in \"${FINDINGS[@]}\"; do\n    IFS='|' read -r severity tool message fix <<< \"$finding\"\n    if [[ \"$tool\" != \"$current_tool\" ]]; then\n      [[ -n \"$current_tool\" ]] && echo \"\" >> \"$output_file\"\n      echo \"\n\" >> \"$output_file\"\n      echo \"\n$tool\" >> \"$output_file\"\n      current_tool=\"$tool\"\n    fi\n\n    local css_class=\"info\"\n    local label=\"INFO\"\n    case \"$severity\" in\n      CRIT) css_class=\"crit\"; label=\"CRITICAL\" ;;\n      WARN) css_class=\"warn\"; label=\"WARNING\" ;;\n      PASS) css_class=\"pass\"; label=\"OK\" ;;\n      INFO) css_class=\"info\"; label=\"INFO\" ;;\n    esac\n\n    # Escape HTML\n    message=$(echo \"$message\" | sed 's/&/\\&/g; s/</\\</g; s/>/\\>/g')\n    fix=$(echo \"$fix\" | sed 's/&/\\&/g; s/</\\</g; s/>/\\>/g')\n\n    echo \"\n\" >> \"$output_file\"\n    echo \"\n$label: $message\" >> \"$output_file\"\n    [[ -n \"$fix\" ]] && echo \"\n$fix\" >> \"$output_file\"\n    echo \"\" >> \"$output_file\"\n  done\n  [[ -n \"$current_tool\" ]] && echo \"\" >> \"$output_file\"\n\n  # Footer\n  cat >> \"$output_file\" << 'HTMLFOOT'\n\n\n  supply-chain-audit.sh\n\n\nHTMLFOOT\n\n  echo \"$output_file\"\n}\n\n# \u2500\u2500 Main \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\nmain() {\n  local do_fix=false\n  local no_prompt=0\n  local list_groups=0\n\n  # Parse arguments: paths go to SCAN_DIRS, plus flags for new features\n  local extra_dirs=()\n  local i=0\n  local args=(\"$@\")\n  while [[ $i -lt $# ]]; do\n    arg=\"${args[$i]}\"\n    case \"$arg\" in\n      --fix)           do_fix=true ;;\n      --json)          JSON_MODE=1 ;;\n      --quiet|-q)      QUIET=1 ;;\n      --no-prompt)     no_prompt=1 ;;\n      --list-groups)   list_groups=1 ;;\n      --only)          i=$((i+1)); ONLY_GROUPS=\"${args[$i]}\" ;;\n      --skip)          i=$((i+1)); SKIP_GROUPS=\"${args[$i]}\" ;;\n      --version)       echo \"supply-chain-audit.sh $VERSION\"; return 0 ;;\n      --help|-h)\n        echo \"Usage: supply-chain-audit.sh [OPTIONS] [DIRS...]\"\n        echo \"\"\n        echo \"Scans developer tools and dependency files for supply chain risks.\"\n        echo \"If no DIRS or SCAN_DIRS are provided in an interactive shell, the script\"\n        echo \"prompts before using the default scan directories.\"\n        echo \"\"\n        echo \"Arguments:\"\n        echo \"  DIRS        Directories to scan for dependency files (default: ~/code ~/projects ~/src ~/dev)\"\n        echo \"\"\n        echo \"Options:\"\n        echo \"  --fix       Generate a remediation script\"\n        echo \"  --help      Show this help\"\n        echo \"\"\n        echo \"Environment:\"\n        echo \"  SCAN_DIRS   Space-separated directories to scan (overrides defaults)\"\n        echo \"  SCAN_DEPTH  Max search depth within directories (default: 5)\"\n        echo \"\"\n        echo \"Examples:\"\n        echo \"  ./supply-chain-audit.sh                    # prompt before scanning defaults\"\n        echo \"  ./supply-chain-audit.sh ~/work ~/repos     # scan specific dirs\"\n        echo \"  SCAN_DEPTH=3 ./supply-chain-audit.sh       # shallow scan\"\n        return 0\n        ;;\n      *) extra_dirs+=(\"$arg\") ;;\n    esac\n    i=$((i+1))\n  done\n\n  if [[ $list_groups -eq 1 ]]; then\n    cat < \"$fix_file\" << 'FIXHEADER'\n#!/usr/bin/env bash\n# Auto-generated remediation script \u2014 review before running!\nset -euo pipefail\necho \"Supply Chain Security Remediation\"\necho \"Review each command before uncommenting and running.\"\necho \"\"\nFIXHEADER\n\n  for finding in \"${FINDINGS[@]}\"; do\n    IFS='|' read -r severity tool message fix <<< \"$finding\"\n    [[ -z \"$fix\" ]] && continue\n    [[ \"$severity\" != \"CRIT\" && \"$severity\" != \"WARN\" ]] && continue\n    {\n      echo \"# [$severity] $tool: $message\"\n      echo \"# $fix\"\n      echo \"\"\n    } >> \"$fix_file\"\n  done\n\n  chmod +x \"$fix_file\"\n  printf \"\\n  %sFix script: %s%s\\n\" \"$YELLOW\" \"$fix_file\" \"$NC\"\n  printf \"  %sReview and uncomment commands before running.%s\\n\" \"$DIM\" \"$NC\"\n}\n\nmain \"$@\"\n", "creation_timestamp": "2026-05-20T15:46:13.000000Z"}, {"uuid": "24637de0-c7a4-4ba2-869a-f32470c26373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-10)", "content": "", "creation_timestamp": "2026-05-10T00:00:00.000000Z"}, {"uuid": "9d3e913d-927d-4bdf-989f-a45bedd522fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-14)", "content": "", "creation_timestamp": "2026-05-14T00:00:00.000000Z"}, {"uuid": "dbaf53e7-a1b4-43d0-b9f0-165680cc86e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-18)", "content": "", "creation_timestamp": "2026-05-18T00:00:00.000000Z"}, {"uuid": "4f40986d-6ad5-4b47-8080-9054aaf0d16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-19)", "content": "", "creation_timestamp": "2026-05-19T00:00:00.000000Z"}, {"uuid": "f24fe759-1beb-4422-9bf6-8880adc87ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-08)", "content": "", "creation_timestamp": "2026-05-08T00:00:00.000000Z"}, {"uuid": "fea7ae62-df6f-43f1-93d9-a27a09f0e954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-11)", "content": "", "creation_timestamp": "2026-05-11T00:00:00.000000Z"}, {"uuid": "bb949eec-b1e0-4c25-940b-712c56eff508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-20)", "content": "", "creation_timestamp": "2026-05-20T00:00:00.000000Z"}, {"uuid": "5f746ba7-09da-4b81-8182-dae67cf43722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-24)", "content": "", "creation_timestamp": "2026-05-24T00:00:00.000000Z"}, {"uuid": "7e953188-cea6-4349-8677-e61d843e75da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-25)", "content": "", "creation_timestamp": "2026-05-25T00:00:00.000000Z"}, {"uuid": "a8218a22-6d3e-4baa-bd94-7c2eacc5366f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-23)", "content": "", "creation_timestamp": "2026-05-23T00:00:00.000000Z"}, {"uuid": "5ba6afc1-036d-496c-9d35-f534c5185aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-24)", "content": "", "creation_timestamp": "2026-05-24T00:00:00.000000Z"}, {"uuid": "4b9cfefa-567a-43b6-990f-f49df9aaee16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000130", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-29)", "content": "", "creation_timestamp": "2026-05-29T00:00:00.000000Z"}]}