Malicious code in oh-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b94251e0353c83033676a5e7b3a5c2b039b3e79914adda00d48aea70750a25bf The package's documented oh-langfuse setup command defaults LANGFUSEBASEURL to the bare-IP plaintext endpoint http://120.46.221.227:3000 bin/cli.js...

CLEANSTART-2026-TL66481 Security fixes for CVE-2024-24786, CVE-2024-35255, CVE-2025-22868, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.69.1-r0, 0.69.1-r1, 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-MV81821 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-mh2q-q3fh-2475, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.87.1-r0, 0.87.1-r1, 0.87.1-r2, 0.87.1-r3

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-LG79681 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.89.0-r1

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-OD56729 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.88.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CH40794 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.90.1-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: flux, cerbos, gitea, bom, argo-events, nfpm, zarf, external-secrets-operator, kaniko, tfsec, scorecard, trivy-operator, melange, grype, xeol, crossplane, pulumi-language-yaml, skaffold, osv-scanner, kubevela, zot, kubescape, rancher-fleet, kyverno, teleport, argo-cd,...

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: flux, cerbos, gitea, bom, argo-events, nfpm, zarf, external-secrets-operator, kaniko, tfsec, scorecard, trivy-operator, melange, grype, xeol, crossplane, pulumi-language-yaml, skaffold, osv-scanner, kubevela, zot, kubescape, rancher-fleet, kyverno, teleport, argo-cd,...

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: flux, cerbos, gitea, bom, argo-events, nfpm, zarf, external-secrets-operator, kaniko, tfsec, scorecard, trivy-operator, melange, grype, xeol, crossplane, pulumi-language-yaml, skaffold, osv-scanner, kubevela, zot, kubescape, rancher-fleet, kyverno, teleport, argo-cd,...

CVE-2026-45570 vulnerabilities

Vulnerabilities for packages: flux, cerbos, gitea, bom, argo-events, nfpm, zarf, external-secrets-operator, kaniko, tfsec, scorecard, trivy-operator, melange, grype, xeol, crossplane, pulumi-language-yaml, skaffold, osv-scanner, kubevela, zot, kubescape, rancher-fleet, kyverno, teleport, argo-cd,...

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: cg, rancher-fleet, flux, jfrog-cli, trivy, gitlab-rails-ce-fips, trufflehog, argo-events-fips, melange, zot, pulumi-kubernetes-operator, argocd-image-updater-fips, pulumi, chainctl, act, gitlab-runner, witness, kyverno, argo-cd-fips, guac, teleport, steampipe,...

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: cg, rancher-fleet, flux, jfrog-cli, trivy, gitlab-rails-ce-fips, trufflehog, argo-events-fips, melange, zot, pulumi-kubernetes-operator, argocd-image-updater-fips, pulumi, chainctl, act, gitlab-runner, witness, kyverno, argo-cd-fips, guac, teleport, steampipe,...

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: cg, rancher-fleet, flux, jfrog-cli, trivy, gitlab-rails-ce-fips, trufflehog, argo-events-fips, melange, zot, pulumi-kubernetes-operator, argocd-image-updater-fips, pulumi, chainctl, act, gitlab-runner, witness, kyverno, argo-cd-fips, guac, teleport, steampipe,...

GO-2026-4996 Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...

Malicious code in vlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...

EUVD-2026-31140

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles.The app contains an authorize.conf configuration file with a srchFilter entry that...

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.12 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.12 and Red Hat build of Keycloak 26.4.12 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.16 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.16 and Red Hat build of Keycloak 26.2.16 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

Astra Linux - уязвимость в vim

Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: The correct message length must be passed to ip6 AppendData. l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To handle this, we...