
8294 matches found

OSV
added 2026/03/18 12:44 p.m., 2 views

MAL-2026-1696 Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:44 p.m., 5 views

Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

5.8 AI score
Exploits: 0
OSV
added 2026/03/18 12:29 p.m., 2 views

MAL-2026-1631 Malicious code in @nxt-costco-com/forge-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a0e0f35823f6346841117866bac7213bfac75a55af137f2e63b2ac33dba9a54 The package @nxt-costco-com/forge-components was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:29 p.m., 5 views

Malicious code in @nxt-costco-com/forge-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a0e0f35823f6346841117866bac7213bfac75a55af137f2e63b2ac33dba9a54 The package @nxt-costco-com/forge-components was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:28 p.m., 3 views

Malicious code in @legacy-components/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...

5.8 AI score
Exploits: 0
OSV
added 2026/03/18 12:28 p.m., 3 views

MAL-2026-1627 Malicious code in @legacy-components/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...

5.8 AI score
Exploits: 0
vulnersOsv
added 2026/03/17 5:7 p.m., 2 views

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +9 more potentially affected by CVE-2026-31898 via jspdf (>=4.0.0 <=4.2.0)

jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.3 - svgedit =7.4.1 Source cves: CVE-2026-31898 Source advisory: SNYK:JS-JSPDF-15677842...

8.1 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0
CVE
added 2026/03/17 11:29 a.m., 6 views

CVE-2025-31966

CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...

2.7 CVSS, 5.9 AI score, 0.00063 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/03/17 11:29 a.m., 30 views

CVE-2025-31966 Boolean-Based SQL Injection in Multiple Unica Components

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...

2.7 CVSS, 0.00063 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/16 3:30 p.m., 11 views

CVE-2025-62319

CVE-2025-62319 is described in Connected CVE records as a Boolean-Based SQL Injection affecting Multiple Unica Components. The root cause is blind SQL injection via boolean conditions injected into application input, causing the application to respond differently based on true/false evaluations. ...

9.8 CVSS, 6 AI score, 0.00046 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2026/03/16 3:30 p.m., 23 views

CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions TRUE or FALSE into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the...

9.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/03/16 3:30 p.m., 3 views

CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions TRUE or FALSE into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the...

9.8 CVSS, 6 AI score, 0.00046 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/16 3:30 p.m., 1 view

EUVD-2026-12297

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

8.4 CVSS, 5.9 AI score, 0.00036 EPSS
Exploits: 0, References: 2
EUVD
added 2026/03/16 3:30 p.m., 1 view

EUVD-2026-12303

Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information...

4.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 2
EUVD
added 2026/03/16 3:30 p.m., 4 views

EUVD-2025-208697

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

8.6 CVSS, 6 AI score, 0.00065 EPSS
Exploits: 0, References: 3
NVD
added 2026/03/16 2:18 p.m., 0 views

CVE-2026-20993

Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information...

5.5 CVSS, 0.00017 EPSS
Exploits: 0, References: 1
NVD
added 2026/03/16 2:18 p.m., 1 view

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

8.4 CVSS, 0.00036 EPSS
Exploits: 0, References: 1
NVD
added 2026/03/16 2:17 p.m., 0 views

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

8.8 CVSS, 0.00065 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/16 11:52 a.m., 5 views

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

8.6 CVSS, 6 AI score, 0.00065 EPSS
Exploits: 0, References: 3
CVE
added 2026/03/16 11:52 a.m., 6 views

CVE-2025-15540

Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...

8.8 CVSS, 6 AI score, 0.00065 EPSS
Exploits: 0, References: 2, Affected Software: 1