Malicious code in tailwindcss-animates-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36f982d7c842137890d743938442fe409fd41a786fe5727bcd77277406b2a189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview tailwindcss-animates-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-5630 Malicious code in tailwindcss-animates-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36f982d7c842137890d743938442fe409fd41a786fe5727bcd77277406b2a189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5586 Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview tailwind-dark-mode-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

.NET 8.0 security update

8.0.128-1.0.1 - Add support for Oracle Linux 8.0.128-1 - Update to .NET SDK 8.0.128 and Runtime 8.0.28 - Resolves: RHEL-181052 8.0.126-2 - Update to .NET SDK 8.0.126 and Runtime 8.0.26 - Resolves: RHEL-163413 8.0.125-2 - Update to .NET SDK 8.0.125 and Runtime 8.0.25 - Resolves: RHEL-152929...

.NET 9.0 security update

9.0.118-1.0.1 - Add support for Oracle Linux 9.0.118-1 - Update to .NET SDK 9.0.118 and Runtime 9.0.17 - Resolves: RHEL-181550 9.0.116-2 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163389 9.0.115-2 - Update to .NET SDK 9.0.115 and Runtime 9.0.14 - Resolves: RHEL-152941...

CVE-2026-45644

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...

CVE-2026-11417

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

CVE-2026-11417

OS command injection in the NodejsFunction local bundling pipeline of aws-cdk-lib (pre-2.245.0; 2.246.0 on Windows) allows a threat actor who controls bundling properties (externalModules, define, loader, inject, esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via...

@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)

@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5497...

ALSA-2026:25114 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.109 and .NET Runtime...

AWS Cloud Development Kit 操作系统命令注入漏洞

AWS Cloud Development Kit is an open-source software development framework developed by Amazon Web Services. It is used to define cloud infrastructure in code and configure it using AWS CloudFormation. Versions of the AWS Cloud Development Kit prior to 2.245.0 contained a vulnerability related to...

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.109 and .NET Runtime...

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

CVE-2026-41731 In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted...

CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability

...

EUVD-2026-35551

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally...