5600 matches found
CVE-2026-42574
The CVE-2026-42574 issue affects apko dirFS used to build/publish OCI images. A crafted APK could place a TypeSymlink tar entry whose target points outside the build root, enabling traversal to host paths via subsequent directory creation or write operations within the same or later archive. Root...
CVE-2026-2625 Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
CVE-2026-2625
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in web-route-final-nu-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a5c7be5f1d5e20af05a8a41845cf88aa11d49fe80adadaa957e21395a29b1a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cosmogenic-spinner-andromeda-quasarjet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3192e1b1356672c3cd9c2ed6782552c38b1e7b45566fb986f074c3a22823a61b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantum-computing-less-loader-mensa-css-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eefb4c011996c06f58eda7e1840993e823cf3eddca4bdc92a366643fbc9da57c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in deploy-good-data-double-unix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f539fb8f3d51fa364bbc575962a64190641a7845e4ad288836f916b9fe9df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in apex-aurora-xml-fomalhaut (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd7d0a68560ea990b728310621a54435d29f21a74d08f8126b4956b41fc0234e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in draco-terser-webpack-plugin-hermes-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfc47154389db6b336180cea32210fc4d2ad1ab645c023aa1af51c7d31900f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in big-tau-stack-root-compress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4589efda7676656b37dde7e69e0fe24d7b7685946d2b91de4fbbf0757782b255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ignite-cosmicray-accretion-altair (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6898aafe008e3c13932d7554f16b7c52bff08415b7ba39795af33e4b574c3c6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miranda-cosmos-resonance-loopback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c95e97f651188e953913cd0aa5f218e99332b565f20b2a3260e5b791bee3db7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in geodynamo-draco-cache-thermochronology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faf8bc17f4419109058b137dbb7f9cfea702b6352c942c830cee9294fde9f0f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...