MiracleLinux 9 : container-tools, python-podman-4.2.0-1.el9, toolbox-0.0.99.3-5.el9 (AXSA:2023-5056:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5056:01 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

ESPHome Input Validation Vulnerability

ESPHome is an open-source system for configuring and managing smart hardware. It is used to control Esp8266/Esp32 hardware, enabling home automation control. The version 2025.9.0 to 2025.12.6 of ESPHome contains a vulnerability related to input validation errors. This vulnerability stems from...

Synology DiskStation Manager Out-of-bounds Write (CVE-2024-45539)

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This plugin only works with...

January 17, 2026—KB5077744 (OS Builds 26200.7627 and 26100.7627) Out-of-band

January 17, 2026—KB5077744 OS Builds 26200.7627 and 26100.7627 Out-of-band ​​​​This out-of-band update for Windows 11, version 25H2 and 24H2 KB5077744 is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...

@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +171 more potentially affected by unknown CVE via svelte (>=3.12.1 <=3.59.1)

svelte NPM version =3.12.1, =1.3.0, =1.1.0, =1.3.0, =1.0.3, =0.0.999-alpha.30, =10.0.0, =7.1.4, =21.0.4, =8.0.4, =2.0.4, =1.0.1, =6.0.4, =12.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-GW32-9RMW-QWWW...

Malicious Package

Overview assurance-common-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview lusha-ui-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

ba.sake:hepek-components_2.12 (>=0.7.0 <=0.8.0), ba.sake:hepek-components_2.13 (>=0.7.0 <=0.9.0) +327 more potentially affected by CVE-2026-0858 via net.sourceforge.plantuml:plantuml (>=1.2017.12 <=1.2025.7)

net.sourceforge.plantuml:plantuml MAVEN version =1.2017.12, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.0.2, =0.0.1, =0.0.59, =0.0.46, =0.0.46, =1.4.0, =2.0.0-M4 and more Source cves: CVE-2026-0858 Source advisory: OSV:GHSA-HRVF-G648-RF3M...

EUVD-2026-3087

Malicious code in assurance-common-components npm...

Malicious code in lusha-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c1c6b65695a715c9538b69f7230b4c9f89fef68de10ad9b6e2b625f2b22f62 The package lusha-ui-components was found to contain malicious code. Source: ghsa-malware...

Malicious code in assurance-common-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8abc4852c66bf4b76ca608a34a2c7ec7a32f25ade245d11fd2eb4429d2ad48 The package assurance-common-components was found to contain malicious code. Source: ghsa-malware...

MAL-2026-294 Malicious code in lusha-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c1c6b65695a715c9538b69f7230b4c9f89fef68de10ad9b6e2b625f2b22f62 The package lusha-ui-components was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3065

Malicious code in lusha-ui-components npm...

MAL-2026-268 Malicious code in assurance-common-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8abc4852c66bf4b76ca608a34a2c7ec7a32f25ade245d11fd2eb4429d2ad48 The package assurance-common-components was found to contain malicious code. Source: ghsa-malware...

Freeter security vulnerabilities

Freeter is an open-source work assistant software developed by Freeter. Version 1.2.1 of Freeter contains a security vulnerability. This vulnerability stems from custom component titles and files that contain stored cross-site scripting, which may lead to remote code execution...

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...