Malicious code in @cloudsop/hmoment (npm)

Malicious package due to suspicious install script attempting to require the current directory and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad95ef51ef99f49ca08b99a81d6a18ecb75dafb1dad2afc2bca687f221ef95dc The package...

Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

MAL-2026-2407 Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

MAL-2026-2406 Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple evidences suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

MAL-2026-2413 Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

EUVD-2026-9096

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20248-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20248-1 advisory. Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script boo1258199 - also copy...

OPENSUSE-SU-2026:20248-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script boo1258199 - also copy rollup into thirdparty/node/nodemodules - stay on llvm-10 for swiftshader but bring a similar patch -...

Malicious code in test-for-ppe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 11b30802efbc46f73d07dbb7b80490e86a7799e4a3abe24b128631de15ad41b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-655 Malicious code in pipeline-poision-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9de6153f538cb8ccedf00f0f944128afb45f14522913cf398754fc4021f47e3e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

wireshark security update

4.4.2-4.0.1.el101.2 - Fix post script to not fail during initial installation Orabug: 37565359 1:4.4.2-4.2 - Resolves: RHEL-136916 - NULL Pointer Dereference in Wireshark CVE-2025-9817 1:4.4.2-4.1 - Resolves: RHEL-130425 - Access of Uninitialized Pointer in Wireshark...

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVE-2026-24840

CVE-2026-24840 affects Dokploy PaaS. In versions prior to 0.26.6, the installation script at install.sh contains a hardcoded database credential (line 154), causing nearly all deployments to share the same password and enabling potential compromise of the database container. Red Hat/NVD/CVE listi...

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

EUVD-2026-4905

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...