EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

EUVD-2025-210362

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

CVE-2026-56876

CVE-2026-56876 affects the extract-zip library: when extracting archives, symlink targets are not validated, enabling a symlink with a relative path (e.g., '../../../../etc/passwd') to point outside the extraction directory. Depending on usage, this could allow reading or writing to arbitrary fil...

CVE-2026-55686 Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation flaw in UserApiController::saveAction(). Authenticated users with the 'user: manage users' permission can assign arbitrary custom roles to themselves, including roles with 'system: manage packages' permission, enabling them to upload and install ...

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

EUVD-2026-39790

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

CVE-2025-11919 Unprotected temporary directories in Wolfram Cloud may result in privilege escalation

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

CVE-2025-11919

CVE-2025-11919 affects Wolfram Cloud (multi-tenant environment) where the default JVM can access temporary resources under /tmp, including other users’ TemporaryDirectory. A race during JVM startup allows an attacker with access to shared /tmp to create/replace .jar files via the -init file, caus...

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

MAL-2026-6513 Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

MAL-2026-6514 Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

CVE-2026-41523

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the...

MAL-2026-6512 Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...