MAL-2026-4723 Malicious code in weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...

MAL-2026-4361 Malicious code in @amswf/huoke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ec868ff3c73d920bd9c3b66a0e725f2eaf427b83ade2ad0fae284be0386eff4 On npm install, this package's postinstall runs node bin/huoke.js install-skill, which enumerates /home/ for every system user, finds each user's...

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVE-2026-44225

CVE-2026-44225 (Pulpy) : The vulnerability affects Pulpy, a cross-platform desktop app packager for web apps. Before version 0.1.1, Pulpy injects a pulpy.fs JavaScript API into packaged web apps and the intended sandbox via validateFsPath() is incomplete, allowing a web app to read and write arbi...

PT-2026-40423

Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...

CVE-2025-49642 Agent builds for AIX vulnerable to library loading hijacking

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory...

CVE-2025-62794

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

Juniper Junos OS Vulnerability (JSA103167)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103167 advisory. - An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write...

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

CVE-2025-59980

Summary of CVE-2025-59980 : Juniper Networks Junos OS FTP server contains an authentication bypass. When the FTP server is enabled and a user named “ftp” or “anonymous” exists, an unauthenticated attacker can log in without a password and gain read/write access to the user’s home directory. Affec...

EUVD-2019-13434

Malware in sbrugna...

EUVD-2017-16442

Malware in sbrugna...

[SECURITY] Fedora 41 Update: toolbox-0.2-1.fc41

Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx...

Linux Distros Unpatched Vulnerability : CVE-2024-9902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system pa...

Korenix JetNet Security Vulnerability

Korenix JetNet is an industrial 5-port 10 / 100Base-TX Ethernet switch from Korenix. A security vulnerability exists in Korenix JetNet firmware versions prior to 2024/01, which stems from incorrect authentication in TFTP, allowing users to upload and download files to the /home folder...