968 matches found
MAL-2026-10638 Malicious code in monogrok (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3369fb16804682addfec56904223d0255c2a0ca6d35481e744221e8252f2000d Package publishes as a generic 'M!T' library with an unrelated Apache-license README, but the tarball contains an offensive spam / phishing /...
EUVD-2026-43249
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...
CVE-2026-53961
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
CVE-2026-53961
CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
GHSA-MG7H-Q7HW-M596 vulnerabilities
Vulnerabilities for packages: linux-aws...
CVE-2026-59897
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
GHSA-6GQ6-HXJH-9GRQ vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-5Q2P-7748-G6QP vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-7Q5M-QV9W-C8XX vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-4PQW-3H25-QRQ3 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-62M5-M548-5V5F vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-5R3H-V82J-R7RR vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-8CG3-6H68-W2CJ vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-J962-FX34-5263 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
GHSA-HFRJ-R4V7-3997 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
CVE-2026-53218 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
CVE-2026-53212 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...
CVE-2026-53205 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...