15 matches found

OSV
added 3 days ago, 3 views

MAL-2026-5419 Malicious code in @nstrlabs/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...

5.5 AI score
Exploits: 0, References: 2

GithubExploit
added 2026/05/28 5:38 a.m., 75 views

CIFSwitch

CIFSwitch CVE-2026-46243 Writeup https://heyitsas.im/post...

7.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 4

OSSF Malicious Packages
added 2026/05/25 1:57 p.m., 7 views

Malicious code in intl-ads (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e29be11c53c137c2a24258ae423cf422fefcaad06183d67aa5c895a8fe4801 On npm install, the package's scripts.preinstall runs poc.js which collects hostname, username, full network configuration ipconfig/ip a/resolv.conf,...

5.9 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/05/22 1:52 p.m., 9 views

Malicious code in osep-api-hub-service-client-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/20 6:38 p.m., 7 views

Malicious code in @vivaux/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0a848407f225f6d34a9d48d9619b517c80e007c2a12c20a341e48cb7f907f81 @vivaux/[email protected] ships an empty index.js and exists only to pull in an off-registry dependency. package.json declares "ltidisafe":...

5.6 AI score
Exploits: 0, References: 2

OSV
added 2026/05/20 6:38 p.m., 3 views

MAL-2026-4463 Malicious code in @vivaux/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0a848407f225f6d34a9d48d9619b517c80e007c2a12c20a341e48cb7f907f81 @vivaux/[email protected] ships an empty index.js and exists only to pull in an off-registry dependency. package.json declares "ltidisafe":...

5.6 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/24 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-6789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosu...

4.3 CVSS, 6.2 AI score, 0.00087 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2023/02/15 5:56 a.m., 2 views

SUSE CVE-2010-3706

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving t...

5.5 CVSS, 6.7 AI score, 0.00402 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2020/03/13 12:00 a.m., 3 views

PT-2020-11909 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 12.8.1 Description: The issue allows information disclosure by sending a specially crafted request to the "vulnerability feedback" endpoint, potentially exposing a private project namespace. Recommendations: Fo...

5.3 CVSS, 4.8 AI score, 0.00075 EPSS
Exploits: 0, References: 7

OSV
added 2019/09/09 8:15 p.m., 1 view

UBUNTU-CVE-2019-6789

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure issue 4 of 6. In some cases, users without project permissions will receive emails after a project move. For private projects, this wi...

4.3 CVSS, 6.4 AI score, 0.00087 EPSS
Exploits: 1, References: 3

Exploit DB
added 2016/10/20 12:00 a.m., 74 views

Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=879 Windows: Edge/IE Isolated Private Namespace Insecure DACL EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The isolated private namespace created by...

7.4 AI score
Exploits: 0

exploitpack
added 2016/10/20 12:00 a.m., 34 views

Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)

Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation MS16-118 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=879 Windows: Edge/IE Isolated Private Namespace Insecure DACL EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not...

0.4 AI score
Exploits: 0

Exploit DB
added 2016/10/20 12:00 a.m., 49 views

Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=878 Windows: Edge/IE Isolated Private Namespace Insecure Boundary Descriptor EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The isolated private...

7.4 AI score
Exploits: 0

CNVD
added 2016/10/14 12:00 a.m., 3 views

Microsoft Internet Explorer and Edge Remote Privilege Elevation Caveat

Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10...

7.5 CVSS, 7.6 AI score, 0.33345 EPSS
Exploits: 0, References: 1

OSV
added 2010/10/06 5:00 p.m., 1 view

DEBIAN-CVE-2010-3706

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving t...

5.5 CVSS, 6.7 AI score, 0.00402 EPSS
Exploits: 0, References: 1