MAL-2026-6143 Malicious code in node-vfs-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...

MAL-2026-5394 Malicious code in @sql-access/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2acee7592879b9eab377fb8e97a1fa2949b298f4418d37fb963e157971638c90 @sql-access/[email protected] is a decoy package whose identity, README, and code do not match. The package name and keywords advertise SQL/Node...

CVE-2026-46644

insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

UBUNTU-CVE-2026-46644

insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

Linux Distros Unpatched Vulnerability : CVE-2026-46644

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form CVE-2026-46644 Note that Nessus relies ...

Incorrect Comparison

Overview Affected versions of this package are vulnerable to Incorrect Comparison in the process function in Idn.php, which does not necessarily treat xn-- labeled input as punycode, if it contains only ASCII. This case was overlooked in the specification until UTS 46 revision 33, when it was...

CVE-2026-46644

insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

More info at https://symfony.com/cve-2026-46644...

PT-2026-43392

Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...

[SECURITY] Fedora 44 Update: rust-podman-sequoia-0.3.2-2.fc44

A polyfill to use Sequoia as a signing backend for containers...

Malicious code in rollup-plugin-polyfill-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview rollup-plugin-polyfill-route is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview rollup-plugin-polyfill-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in rollup-plugin-polyfill-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1979 Malicious code in rollup-plugin-polyfill-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in rollup-plugin-polyfill-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview rollup-plugin-polyfill-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-1967 Malicious code in rollup-plugin-polyfill-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...

SUSE CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...