286 matches found
Malicious code in evmchain-cli (npm)
Source: ghsa-malware 6d325c67c3edd95dd9b9e24502f3c8d01369606c35e1231231383e34a24b2da7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-40956
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
MAL-2026-3515 Malicious code in @tallyui/connector-medusa (npm)
Source: ghsa-malware 3acb08c5699637240eec2741252206938cd0e0be4b997523e2100925456e2e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/virtual-file-routes (npm)
Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-26862
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credential leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
Weak Random Value Generation For Secrets (weak PRNG)
Spring Boot is vulnerable to the use of a weak pseudo-random number generator (PRNG). The vulnerability is due to the use of predictable random value sources (e.g., $random.value, $random.int, $random.long), which allows an attacker to guess or brute-force generated secrets and compromise application...
Malicious code in @usealloy/api-contract (npm)
Source: amazon-inspector ac2459ced40bf7d07428205c0322e09c951fdc50972f337b30508ad2ad867b37 The package @usealloy/api-contract was found to contain malicious code. Source: ghsa-malware...
Malicious code in magentaa11y (npm)
Source: amazon-inspector 995b52a2411e3213a611e58f659a941136e8021a88e1d638a232018265d5c11a The package magentaa11y was found to contain malicious code. Source: ghsa-malware 1c1c14e542b99ac8e01a06fd61158c90ffe14fbedbf4834d97f38d65d477ebb5 An...
PT-2026-31804
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series versions 24.4 releases before 24.4R2-S3; Juniper Networks Junos OS on MX Series versions 25.2 releases before 25.2R2. Description: A Missing Authorization issue in the CLI of Juniper Networks Junos OS on MX...
USN-8159-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: ARM64 architecture; Cryptographic API; Netfilter; Network traffic control. CVE-2025-37849, CVE-2026-23060,...
CVE-2026-4984
The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...
MAL-2026-2247 Malicious code in cua-primitives-server (npm)
Source: amazon-inspector 8835d90bff1ed316ff7b7be2d8a1223402e539c4b10cfc2ba0de3164dc438570 The package cua-primitives-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in levex-refa (npm)
Source: amazon-inspector ba11828b57921035328d22b68ebf7ecb28dde3cedc4b58f874cf39c14583c5e0 The package levex-refa was found to contain malicious code. Source: ghsa-malware 5ce255ba60f9db881f821e9c9268a5c70e002212b5b0df88b274878592d4696d Any...
MAL-2026-2164 Malicious code in @rexxtheproject/elaina-libsignal (npm)
Source: amazon-inspector 7b062d07817c63636edc363a279fdad6c40a72e116a3abd59aba0e30854f059a The package @rexxtheproject/elaina-libsignal was found to contain malicious code. Source: ghsa-malware...
Ubuntu: Security Advisory (USN-8059-8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in rtxnode-sass22 (npm)
Source: amazon-inspector 36a78ba8212bc3ab76a0cd01b40b2a3c0b18f319ccb29c6ccea455e9a89449a8 The package rtxnode-sass22 was found to contain malicious code. Source: ghsa-malware f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671...
GHSA-F8MP-VJ46-CQ8V OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment
The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable. In threat-model terms, this...
MAL-2026-1169 Malicious code in @global-dax-ad-platform/dax-types (npm)
Source: amazon-inspector 465668b4ba6f4c109320a3407a4db8d254d21a7f43af75ca5f8c1873c12c7f46 The package @global-dax-ad-platform/dax-types was found to contain malicious code. Source: ghsa-malware...
Malicious code in @skyzopedia/brat (npm)
Source: amazon-inspector b7928fe6b128de0686bbc2619dd9015f58d8f2a38d50911f33d8886b323c6df5 The package @skyzopedia/brat was found to contain malicious code. Source: ghsa-malware 0eb0067d76f7f026901f7d29398dd55485b8fa6a59af7bdbfbdb40d6f97b7e...
MAL-2026-1016 Malicious code in js-multer (npm)
Source: amazon-inspector 50fbd8b0061a32bc73c0f643e53d0522b03117bda560c40b279b8cdebe5a1100 The package js-multer was found to contain malicious code. Source: ghsa-malware 330a991375f32abf73368d5d321c5a485cd844db42ccaa02388ebe61bc013376 Any...