MAL-2026-5461 Malicious code in fhirproxy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-0.020-1.fc44

Writing extensions for various build tools can be a daunting task. This module tries to abstract steps of build processes into reusable building blocks for creating platform and build system agnostic executable descriptions of work...

📄 OSK Privilege Escalation

This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability. ================================================================================================================================== | Tit...

GHSA-R35X-V8P8-XVHW pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the absence of blacklist entries for environment variables such as HGRCPATH, CARGOBUILDRUSTCWRAPPER,...

com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +22 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)

com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.9, =25.0.12 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...

DEBIAN-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

UBUNTU-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

PT-2026-22078

Name of the Vulnerable Software and Affected Versions minimatch versions prior to 3.1.3 minimatch versions 3.1.3 through 4.2.5 minimatch versions 4.2.5 through 5.1.8 minimatch versions 5.1.8 through 6.2.2 minimatch versions 6.2.2 through 7.4.8 minimatch versions 7.4.8 through 8.0.6 minimatch...

EUVD-2026-3265

Malicious code in ofjaaah-build-tools npm...

Malicious code in ofjaaah-build-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f994ed6a23b4449a3ab09537485788c488a90e26c56c52d309b4704d8d2da9 The package ofjaaah-build-tools was found to contain malicious code. Source: ghsa-malware...

MAL-2026-342 Malicious code in ofjaaah-build-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f994ed6a23b4449a3ab09537485788c488a90e26c56c52d309b4704d8d2da9 The package ofjaaah-build-tools was found to contain malicious code. Source: ghsa-malware...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...

EUVD-2018-0741

Malware in sbrugna...

Malicious code in jsii-build-tools (npm)

The package jsii-build-tools was found to contain malicious code...

MAL-2025-23948 Malicious code in jsii-build-tools (npm)

The package jsii-build-tools was found to contain malicious code...

BIT-DOTNET-SDK-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...

ROS-20250619-03

A vulnerability in the Microsoft Visual Studio software development tool, the Microsoft.NET software platform, and the Build Tools for Visual Studio toolkit is associated with an incorrect external external vulnerability. Microsoft.NET and Build Tools for Visual Studio toolkit is related to...

The vulnerability of Microsoft Visual Studio, the Microsoft.NET platform, and the Build Tools for Visual Studio toolset lies in improper external control of file names or files, allowing attackers to perform spoofing attacks.

The vulnerability of Microsoft Visual Studio, the Microsoft.NET platform, and the Build Tools for Visual Studio toolset is related to improper external name handling or file path manipulation. Exploitation of this vulnerability can allow a malicious actor to perform spear-phishing attacks by...