MAL-2026-5642 Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

Malicious code in @refactco/refact-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 072881a1fd9241acfcd601ad5387b0338a26ff4828763658c3840b43a3cedb1c Running this package's refact-os init CLI scaffolds AI-editor hook configurations .claude/settings.json, .cursor/hooks.json and copies two Python hoo...

EUVD-2017-14732

Malware in sbrugna...

EUVD-2019-7945

Malware in sbrugna...

EUVD-2019-8877

Malware in sbrugna...

CVE-2013-5183

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...