11777 matches found
Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Hermes Agent security vulnerabilities
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...
PT-2026-45356
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.56 Description Lack of authorization enforcement for backup functionalities allows an unauthenticated attacker to query backup-related endpoints. This can lead to the retrieval of backup archives containing user...
@redhat-cloud-services/frontend-components-config (>=6.0.0 <=6.11.2) potentially affected by unknown CVE via @redhat-cloud-services/tsc-transform-imports (=1.2.1)
@redhat-cloud-services/tsc-transform-imports NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/tsc-transform-imports and may be impacted: - @redhat-cloud-services/frontend-components-config =6.0.0, =6.11.2 Source...
@redhat-cloud-services/frontend-components-config (>=6.3.6 <=6.11.2) potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-config-utilities (=4.11.1)
@redhat-cloud-services/frontend-components-config-utilities NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-config-utilities and may be impacted: -...
CVE-2026-10187
The CVE-2026-10187 entry concerns Totolink N300RH (firmware 6.1c.1353_B20190305). The vulnerability affects the Web Management Interface’s file wireless.so in the setWiFiBasicConfig function; manipulating the argument KeyStr triggers a stack-based buffer overflow. This enables remote code executi...
RockyLinux 9 : kernel (RLSA-2026:21556)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack in the shared NF configuration file...
Malicious Package
Overview @breezeai-frontend/tailwind-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview @timelycare/config-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-5085 Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview web3-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in evmchain-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32ebbd11fa492f47ef6373d99224e4b937f9daaaef387446fd11ffa9bb3ddcc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview evmchain-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5069 Malicious code in evmchain-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32ebbd11fa492f47ef6373d99224e4b937f9daaaef387446fd11ffa9bb3ddcc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview foundry-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5070 Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-34127
A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...