Malicious code in @b2b-portal/kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5c1b32159c7e6dc9c07e663c7f8cf3b3ee24450a33289a1a79589c69906eed The package @b2b-portal/kit was found to contain malicious code. Source: ghsa-malware 20de22d7080860e2c01f3de58d2809af28e543302e49545749666efd4956c23...

Malicious Package

Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2577 Malicious code in @b2b-portal/kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5c1b32159c7e6dc9c07e663c7f8cf3b3ee24450a33289a1a79589c69906eed The package @b2b-portal/kit was found to contain malicious code. Source: ghsa-malware 20de22d7080860e2c01f3de58d2809af28e543302e49545749666efd4956c23...

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The U.S. Federal Bureau of Investigation FBI, in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more...

WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions = 1.5.0...

EUVD-2026-21900

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

Arbitrary Code Injection

Overview google-adk is an Agent Development Kit Affected versions of this package are vulnerable to Arbitrary Code Injection via the the builder UI on Python OSS, Cloud Run, and GKEdue to missing authentication in the process. An attacker can execute arbitrary code on the server by uploading YAML...

Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

Agent Development Kit 安全漏洞

Agent Development Kit is an open-source development framework provided by Google for building and deploying AI agents. Versions 1.7.0 to 1.28.1 and 2.0.0a1 to 2.0.0a2 of the Agent Development Kit contain security vulnerabilities. These vulnerabilities stem from code injection and lack of...

PT-2026-32287

I got an alert from GitHub Dependabot to update the google-adk python version to v1.28.1 because of a vulnerability in versions 1.7.0 to 1.28.0. https://github.com/advisories/GHSA-rg7c-g689-fr3x A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions...

@alexaegis/svelte-config (>=0.9.2 <=0.15.0), @builders-of-stuff/svelte-sui-wallet-adapter (>=1.1.4 <=2.1.0) +11 more potentially affected by CVE-2026-40074 via @sveltejs/kit (>=2.0.0 <=2.55.0)

@sveltejs/kit NPM version =2.0.0, =0.9.2, =1.1.4, =0.0.137, =0.1.0, =0.4.1, =5.0.0-alpha.1, =0.0.1, =1.0.1-next.0, =0.0.10, =1.0.2, =0.0.1, =1.3.0, =1.15.1 Source cves: CVE-2026-40074 Source advisory: SNYK:JS-SVELTEJSKIT-15967888...

@alexaegis/svelte-config (>=0.9.2 <=0.15.0), @builders-of-stuff/svelte-sui-wallet-adapter (>=1.1.4 <=2.1.0) +11 more potentially affected by CVE-2026-40073 via @sveltejs/kit (>=2.0.0 <=2.55.0)

@sveltejs/kit NPM version =2.0.0, =0.9.2, =1.1.4, =0.0.137, =0.1.0, =0.4.1, =5.0.0-alpha.1, =0.0.1, =1.0.1-next.0, =0.0.10, =1.0.2, =0.0.1, =1.3.0, =1.15.1 Source cves: CVE-2026-40073 Source advisory: SNYK:JS-SVELTEJSKIT-15967891...

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

Malicious code in @lamoda/seller-ui-kit (npm)

Malicious package with preinstall script executing a file that gathers sensitive data and exfiltrates it to a suspicious domain. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dec0cd5c3b13d6c0355868de10ce8ebcf855a28254251280b38743e860217f98 The package...

MAL-2026-2588 Malicious code in @lamoda/seller-ui-kit (npm)

Malicious package with preinstall script executing a file that gathers sensitive data and exfiltrates it to a suspicious domain. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dec0cd5c3b13d6c0355868de10ce8ebcf855a28254251280b38743e860217f98 The package...

Sleuth Kit tsk_recover Path Traversal

...