
5819 matches found

OSSF Malicious Packages
added 2026/03/19 4:45 p.m., 7 views

Malicious code in react-native-country-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

OSV
added 2026/03/19 4:45 p.m., 5 views

MAL-2026-1931 Malicious code in react-native-country-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/19 4:44 p.m., 11 views

Malicious code in react-native-international-phone-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

OSV
added 2026/03/19 4:44 p.m., 3 views

MAL-2026-1932 Malicious code in react-native-international-phone-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

Amazon
added 2026/03/19 12:00 a.m., 6 views

Important: tomcat

Issue Overview: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1 CVSS, 7.5 AI score, 0.0053 EPSS
Exploits: 0

Tenable Nessus
added 2026/03/19 12:00 a.m., 10 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-024 (ALASTOMCAT9-2026-024)

The version of tomcat installed on the remote host is prior to 9.0.115-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2026-024 advisory. Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from...

9.1 CVSS, 7 AI score, 0.0053 EPSS
Exploits: 0, References: 8

Github Security Blog
added 2026/03/18 4:18 p.m., 5 views

h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs. Vulnerable pieces of code (js): import { H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler } from "h3"; let app = new H3(); const internalOnly = defineHandler((event, next) => { const token = event.headers.get("x-internal-key"); if (token !==...

9.1 CVSS, 5.9 AI score, 0.00388 EPSS
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/03/18 12:00 a.m., 4 views

PT-2026-26194

H3 NodeRequestUrl bugs. Vulnerable pieces of code (js): import { H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler } from "h3"; let app = new H3(); const internalOnly = defineHandler((event, next) => { const token = event.headers.get("x-internal-key"); if (token !==...

9.1 CVSS, 5.9 AI score, 0.00388 EPSS
Exploits: 1, References: 6

Snyk
added 2026/03/15 11:00 p.m., 5 views

Embedded Malicious Code

Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/15 11:00 p.m., 3 views

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8 CVSS, 5.7 AI score
Exploits: 0, References: 2

SUSE Linux
added 2026/03/12 5:39 a.m., 9 views

Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). CVE-2026-24734: certificate revocation bypass du...

8.7 CVSS, 7.1 AI score, 0.0053 EPSS
Exploits: 0, References: 14

Positive Technologies
added 2026/03/11 12:00 a.m., 4 views

PT-2026-24821

Summary: The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account (id !== userData.user.id). Any authenticated visitor...

5.4 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits: 1, References: 6

Redos
added 2026/03/10 12:00 a.m., 3 views

ROS-20260310-73-0015

A vulnerability in the ANGLE library of the Google Chrome browser is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.8 CVSS, 5.7 AI score, 0.00314 EPSS
Exploits: 0

AstraLinux
added 2026/03/06 9:04 p.m., 2 views

Astra Linux - vulnerability in tomcat9

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5 CVSS, 5.8 AI score, 0.00218 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2026/03/04 6:18 p.m., 3 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: SNYK:JS-DARKREADER-15441035...

3.4 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits: 0

vulnersOsv
added 2026/03/04 6:18 p.m., 4 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: OSV:GHSA-X369-MCW8-8RVJ...

3.4 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits: 0

GithubExploit
added 2026/03/04 6:16 p.m., 341 views

Exploit for Integer Overflow or Wraparound in Apple Ipados

Coruna: Full-Chain Safari/WebKit Exploit Kit Research & Ana...

8.8 CVSS, 7.6 AI score, 0.19217 EPSS
Exploits: 3

SUSE CVE
added 2026/03/04 12:26 a.m., 1 views

SUSE CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1 CVSS, 5.7 AI score, 0.00126 EPSS
Exploits: 1, References: 3

OSSF Malicious Packages
added 2026/03/03 7:19 p.m., 4 views

Malicious code in qwery-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4861116d64db41be8bae04818ecc9f3542fe4bc30055d57588f6f23c11149f3 Obfuscated downloader of encrypted code, compiled to native binary. The remote URL has to be provided to the binary. Likely impersonates legitimate npm library...

6 AI score
Exploits: 0, References: 1

Vulnrichment
added 2026/03/02 7:40 p.m., 2 views

CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

6.9 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0, References: 4