3245 matches found
MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...
MAL-2026-10612 Malicious code in assertion-utils-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...
EUVD-2026-43541
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2026-15684
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2026-15684
CVE-2026-15684 affects Glarysoft Glary Utilities. The flaw resides in the Disk Clean functionality, where an attacker who can run low-privileged code can abuse a folder junction to delete arbitrary files, enabling a local privilege escalation to SYSTEM and potential arbitrary code execution. The ...
CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
USN-8496-3 cifs-utils vulnerability
USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
TencentOS Server 4: cifs-utils (TSSA-2026:0552)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0552 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-55471
CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...
CVE-2026-15033 christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
Malicious code in notifier-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...
MAL-2026-6923 Malicious code in notifier-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...
RHSA-2026:35991 Red Hat Security Advisory: plexus-utils security update
Bulletin has no description...
Fedora 45 : cifs-utils (2026-90dbff48ca)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-90dbff48ca advisory. Automatic update for cifs-utils-7.6-2.fc45. Changelog Mon Jul 6 2026 Paulo Alcantara - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves:...
EUVD-2026-24981
rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...
MAL-2026-6903 Malicious code in windrule-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...
Malicious code in windrule-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...
MAL-2026-6899 Malicious code in twcompose-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...