Malicious code in loadcoremwassistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20499474b0d0eb5a02bdd34aba8dbd438993b87506fb7a9bd88a62a729736221 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2834 Malicious code in loadcoremwassistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20499474b0d0eb5a02bdd34aba8dbd438993b87506fb7a9bd88a62a729736221 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Vaadin Flow and the axios npm supply-chain compromise

On March 31, 2026, compromised versions of the popular axios HTTP client library 1.14.1 and 0.30.4 were published to NPM via a hijacked maintainer account. The malicious versions injected [email protected], a cross-platform RAT dropper that connected to a command-and-control server. The...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007413)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007413 advisory. In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabufexpfrompages dmabuffd fixes; no preferences regarding the tree it goes...

UBUNTU-CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

[SECURITY] Fedora 44 Update: nix-2.34.5-1.fc44

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2821 Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

GHSA-WXW2-RWMH-VR8F electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

EUVD-2026-23288

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

OCaml opam before 2.5.1 is affected: a .install field containing a destination filepath can traverse to a parent directory via ../, enabling potential path traversal. The issue is fixed in opam 2.5.1 (see OCaml/opam release 2.5.1). Affected component: opam’s packaging/install logic; root cause: i...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability

Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...