Malicious Package

Overview forge-jsx2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2026-50571

creationtimestamp| type| source ---|---|--- 2026-06-08 12:27:23+00:00| seen| https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losungen-hotfix-verfugbar...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting of vmaflags in the vb2dmasgmmap function within media videobuf2. This...

PT-2026-46381

Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...

MAL-2026-4616 Malicious code in muaddib-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

Malicious Package

Overview @bcs-react-ui/select is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview frank-newton3-user-hunt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

is-localhost-ip 2.0.0 - SSRF

Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...

PT-2026-29591

https://t.co/UOa9QBXyfb BSI: Critical SharePoint vulnerability is being actively attacked The German Federal Office for Information Security BSI is warning of a critical vulnerability in Microsoft SharePoint version 9.8 CVE-2026-238220-1032 that, according to available ev… https://t.co/QFBtTAIUNm...

Malicious Package

Overview testtestsharp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

PT-2026-24428

Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A path traversal flaw exists in the Unraid update request handling mechanism. This issue could allow for remote code execution. The vulnerability is related to the handling of update requests,...

CVE-2026-2451 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVE-1999-0590

A system does not present an appropriate legal message or warning to a user who is accessing it...

Malicious Package

Overview nodenetbanxsdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in posthog-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2ec4a50c0b553e9abbcc25147ad50014cf1488415e1ec8e3234f3e9bb3cc24e The package posthog-node was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-177848

Malicious code in meteor-zephyr-singularitarianism-local npm...

EUVD-2025-50823

Parse Server allows public explain queries which may expose sensitive database performance information and schema details...

EUVD-2025-133941

Malicious code in lookingan-nanakila32 npm...