252118 matches found
MAL-2026-5262 Malicious code in node-env-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in eslint-plugin-executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in node-env-resolver-dotenvx (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5214 Malicious code in autotel-aws (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5234 Malicious code in awaitly (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5231 Malicious code in autotel-tanstack (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5242 Malicious code in creditcard.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5259 Malicious code in github-archiver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d36f95b6a426c5832df260fb417a52efac5da2bef351a5fff36d136ce229157 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5210 Malicious code in ai-sdk-ollama (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Xen: Xenstored DoS by unprivileged domain (XSA-481)
Any guest issuing a Xenstore command accessing a node using the illegal node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
PT-2026-47042
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.1 Description The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations Update to version 26.0.1...
RockyLinux 10 : php8.4 (RLSA-2026:22649)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22649 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite
The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...
Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite
The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...
MAL-2026-5191 Malicious code in wdb-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
Malicious code in hbsig (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
ROOT-APP-NPM-CVE-2026-43998 CVE-2026-43998 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-43998 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44005 CVE-2026-44005 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44005 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24118 CVE-2026-24118 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-24118 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44003 CVE-2026-44003 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44003 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...