9906 matches found

OSSF Malicious Packages
added 2026/05/04 4:15 p.m., 4 views

Malicious code in capacitor-plugin-service-worker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f1958d8bc44724a00d45b291983ad836dc2f28370c27f83c76f7bf1780bd4b The package capacitor-plugin-service-worker was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
Packet Storm
added 2026/05/04 12:0 a.m., 37 views

📄 UltimatePOS 4.8 Cross Site Scripting

The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting XSS in UltimatePOS UltimateFosters v4.8 Publication date: 2025-10-30 CVE ID: CVE-2025-60503 RESERVED Researcher: Vivien Lebas Vendor:...

8.7 CVSS, 5.3 AI score, 0.00327 EPSS
Exploits: 3
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

Linux kernel nftables: use-after-free local privilege escalation vulnerability; nft_chain_lookup_byid fails to check whether a chain is active, and CAP_NET_ADMIN is present in any user or network namespace...

7.8 CVSS, 6.5 AI score, 0.02181 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fixed a possible use-after-free during activity updates. The “rule activity update” process periodically traverses a list of configured rules and queries their activity from the device. As part of this...

7.8 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/03 6:10 a.m., 1 view

MAL-2026-3241 Malicious code in nextjs-chat-with-ai-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b The package nextjs-chat-with-ai-service was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/05/01 3:2 p.m., 3 views

MAL-2026-3215 Malicious code in archetype-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ghsa-malware 1a4167fceb94cc67abfdbf63173e2c469bae6c8a830dfb9c11c3a999d944641...

5.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/30 4:53 p.m., 6 views

Malicious code in lightning (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 703ac419d775488be137d7e01517d768da0b5581ab63338fb9523f2289f2b92c Versions 2.6.2, 2.6.3 were compromised. Compromised versions contain injected code that starts automatically during importing the module, downloads legitimate...

5.5 AI score
Exploits: 0, References: 5
OSV
added 2026/04/30 5:41 a.m., 3 views

MAL-2026-3196 Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits: 0
RedhatCVE
added 2026/04/29 2:49 p.m., 3 views

CVE-2026-7133

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 4.9 AI score, 0.00218 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/29 6:50 a.m., 4 views

Malicious code in coinmate-typescript-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbfed1f09c009e285a20b7f2914257795846bf558a735467cb742ab4bc53165b The package coinmate-typescript-client was found to contain malicious code. Source: ossf-package-analysis...

5.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/04/28 1:36 p.m., 3 views

Malicious code in supertag (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8af13a06fb931a42d83e13b19fd998ff62e59ef3d56302bfe9d257e07e2bad46 The OpenSSF Package Analysis project identified 'supertag' @ 99.1.1 crates.io as malicious. It is considered malicious because: - The package...

5.3 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/04/28 10:21 a.m., 5 views

Malicious code in wm-plugin-teach-me-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8892d058e7f10e304a86eea230ef7fa8fbf9a76da1d09b60f5498305690d4bc The package wm-plugin-teach-me-widget was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/27 6:1 p.m., 2 views

Malicious code in amzn_codewhisperer_streaming_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7fc27be867bc1ae651b345d2f825d0ac8d796615c022747306e87bd3ff0d1fc8 The OpenSSF Package Analysis project identified 'amzn-codewhisperer-streaming-client' @ 99.0.1 crates.io as malicious. It is considered maliciou...

5.3 AI score
Exploits: 0
NVD
added 2026/04/27 3:16 p.m., 0 views

CVE-2026-7133

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 0.00218 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/04/27 2:45 p.m., 24 views

CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 0.00218 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2026/04/27 2:45 p.m., 1 view

CVE-2026-7133

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 5.2 AI score, 0.00218 EPSS
Exploits: 0, References: 5, Affected Software: 1
Circl
added 2026/04/27 8:9 a.m., 6 views

CVE-2026-42315

creationtimestamp | type | source
---|---|---
2026-04-27 08:09:32+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-838g-gr43-qqg9
2026-05-11 18:24:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvhstyvk2c
2026-05-11...

8.1 CVSS, 5.7 AI score, 0.00395 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2026/04/27 12:0 a.m., 0 views

PT-2026-35438

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 5.2 AI score, 0.00218 EPSS
Exploits: 0, References: 6
OSV
added 2026/04/26 5:10 p.m., 3 views

MAL-2026-3049 Malicious code in classlink (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2915556b569ee5a4e890ea4178a61836ed8799f93a30fb0ac5e30cc37a41ede The package classlink was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/04/25 5:35 p.m., 6 views

Malicious code in process-app-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9459ef3208e8a07fbb99a80ce6bc5f0a6b9c6511da51241bac7c034632b7e1 The package process-app-task was found to contain malicious code. Source: ghsa-malware e03db779eee12801bb79b31d14cb5519f499b54a039c4428b125a23c26a652...

5.8 AI score
Exploits: 0, References: 1