231 matches found
Malicious code in @emcd-vue/auth (npm)
Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...
MAL-2026-4762 Malicious code in pgrayy-wasmtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its toplevel.txt declares the top-level import name as wasmtime, and the entire Python source tr...
Malicious code in pgrayy-wasmtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its toplevel.txt declares the top-level import name as wasmtime, and the entire Python source tr...
K000160934: Multiple Go vulnerabilities
Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
UBUNTU-CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
MAL-2026-1937 Malicious code in @dotprompt/promptly-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 120d702f1e340ffdca19411824d16c6b6f381c53e0cb3e123982aaba2d013458 The package @dotprompt/promptly-darwin-arm64 was found to contain malicious code. Source: ghsa-malware...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
EUVD-2003-0050
Malware in sbrugna...
EUVD-2003-0415
Malware in sbrugna...
EUVD-2003-1404
Malware in sbrugna...
EUVD-2003-0417
Malware in sbrugna...
EUVD-2003-0048
Malware in sbrugna...
EUVD-2003-0496
Malware in sbrugna...
EUVD-2005-2196
Malware in sbrugna...
EUVD-2003-0416
Malware in sbrugna...