209 matches found
CVE-2026-28564
creationtimestamp| type| source ---|---|--- 2026-07-10 10:58:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbyj7nlat2y 2026-07-10 12:15:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-28564 2026-07-10 13:10:06+00:00| seen|...
CVE-2026-11798
creationtimestamp| type| source ---|---|--- 2026-07-08 08:24:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq4oxlcgr72q...
CVE-2026-52188
creationtimestamp| type| source ---|---|--- 2026-07-03 17:22:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpr2oxwnpc2f...
Malicious code in @marketfront/bannerpopup (npm)
The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
MAL-2026-5983 Malicious code in metrics-probe-dc85 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...
Malicious code in neural-network-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...
Malicious code in oa-crm-webapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00cdaf89f7ae5fd12400ea55acd4849e8e5095dfc51188d3339ecdfa5dc0f2a1 [email protected] is a dependency-confusion payload squatting an internal-sounding package name. package.json declares a postinstall hook node...
MAL-2026-5423 Malicious code in @nstrlabs/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...
MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...
MAL-2026-5422 Malicious code in @nstrlabs/shared-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efc72373a5a06d31becb2dd02ced949866c9da14ae6d0bfdb3b4f4c882e40445 On npm install, the package's preinstall script runs index.js, which collects host identifiers os.hostname, os.userInfo.username, dirname, process.cw...
MAL-2026-5419 Malicious code in @nstrlabs/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...
MAL-2026-5427 Malicious code in @payment-review/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...
Malicious code in @klapp-about/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...
Malicious code in @klapp-login-platform/oidc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...
MAL-2026-5414 Malicious code in @klapp-login-platform/oidc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...
CVE-2026-10731
creationtimestamp| type| source ---|---|--- 2026-06-09 11:52:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnu53r2lny2v...
CVE-2018-25422
creationtimestamp| type| source ---|---|--- 2026-05-30 17:07:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3jzf4v5u2e...
MAL-2026-4629 Malicious code in openmct-couch-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...
CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
Gotenberg 代码问题漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Version 8.29.1 of Gotenberg contains a code vulnerability. This vulnerability stems from the FilterDeadline function, which returns nil unconditionally when...