252210 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
CVE-2026-42157
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...
NPM: multiparty vulnerable to ReDoS via filename parsing
NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
CVE-2026-26462
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...
Malicious code in @zentrafinance/contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d053632b3bcc143ed8f9f0f75a1dccdc210cede972e8006d698ef796793e5 The package @zentrafinance/contracts was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3831 Malicious code in citrea-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af3ffcf057e7fa952c80b46cbee31773e340ba668377511d7f3ee3b38c1c810 The package citrea-utils was found to contain malicious code. Source: ghsa-malware 0cbde9fcd3b6b009f9d8b0ff2dc739d877beb20223d14d402fcbc90515470eac A...
Malicious code in citrea-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af3ffcf057e7fa952c80b46cbee31773e340ba668377511d7f3ee3b38c1c810 The package citrea-utils was found to contain malicious code. Source: ghsa-malware 0cbde9fcd3b6b009f9d8b0ff2dc739d877beb20223d14d402fcbc90515470eac A...
CLEANSTART-2026-TL04302 Security fixes for CVE-2025-61727, CVE-2025-61729, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-vvgc-356p-c3xw applied in versions: 1.10.2-r0, 1.10.2-r1, 1.5.0-r0, 1.9.1-r0
Multiple security vulnerabilities affect the prometheus-node-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...
CLEANSTART-2026-OS08278 Security fixes for CVE-2025-61727, CVE-2025-61729, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-vvgc-356p-c3xw applied in versions: 1.10.2-r0, 1.10.2-r1, 1.5.0-r0, 1.9.1-r0
Multiple security vulnerabilities affect the prometheus-node-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Malicious code in ctf-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...
MAL-2026-3836 Malicious code in ctf-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...
MAL-2026-3825 Malicious code in safe-env-reader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...
MAL-2026-3823 Malicious code in parse-escape-regex-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41f2d6da130b64c53517f7be20b6f43e0fde62b07a805a2689d1baa4f8c30c1c The package parse-escape-regex-string was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-30773
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...
CVE-2026-26462
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...
CVE-2026-26462
CVE-2026-26462 affects Offline Hospital Management System 5.3.0. The root cause is an improper Electron renderer configuration that enables Node.js integration while disabling context isolation, allowing JavaScript in the renderer to access Node.js APIs and execute arbitrary operating system comm...
MAL-2026-3812 Malicious code in @easytipsportal/node-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9892fc2e2c3a9d9fe3c09548d1f5f2901a296945e9bde7d9ec7876a12720b6cf The package @easytipsportal/node-helper was found to contain malicious code. Source: ghsa-malware...