33060 matches found
Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
Malicious code in eth-wallet-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...
Adobe Audition < 25.6.6 / 26.0 < 26.3 Multiple Vulnerabilities (APSB26-71) (macOS)
The version of Adobe Audition installed on the remote macOS host is prior to 25.6.6, 26.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-71 advisory. - Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i...
Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72) (macOS)
The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code...
Adobe After Effects < 25.6.6 / 26.0.0 < 26.3.0 Multiple Arbitrary code execution (APSB26-78) (macOS)
The version of Adobe After Effects installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-78 advisory. - After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code...
Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)
The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path...
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...
CVE-2026-59890
A flaw was found in setuptools, a Python package management tool. The FileList component, responsible for handling file exclusions, did not properly normalize Unicode file names when applying exclusion rules. This oversight could allow a specially crafted file name, using a different Unicode...
CVE-2026-0278
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-0275 Prisma Browser: Local Privilege Escalation on macOS
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
EUVD-2026-42688
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
PT-2026-56917
Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A local privilege escalation issue in Prisma Browser on macOS allows a locally authenticated administrator who has access to the local filesystem to execute actions on the device with...
MAL-2026-10075 Malicious code in testudo-pack (npm)
The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...
Linux Distros Unpatched Vulnerability : CVE-2026-59890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890
Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...