Malicious code in @3stripes/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3a9f22040b78bb5d4973940dff6f5acad0f3a338e26c8f025ca96245acacc9 The package @3stripes/core was found to contain malicious code...

CVE-2026-25219

creationtimestamp| type| source ---|---|--- 2026-04-15 15:32:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjk7qcmrjv2g 2026-04-15 15:50:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mjkaqjucrm2t...

tp-xss

TP - Exploitation d'une Faille XSS Enonce du professeur...

CVE-2026-27292

creationtimestamp| type| source ---|---|--- 2026-04-15 01:19:06+00:00| seen| Telegram/dGt1m22sw1SGsA9Eug0OSHT5OJOK3joaNLENVhZetMIBpOs 2026-04-15 11:59:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjtu5mxyn2k 2026-04-16 00:07:07+00:00| seen|...

CVE-2026-27288

creationtimestamp| type| source ---|---|--- 2026-04-15 00:18:27+00:00| seen| https://bsky.app/profile/adobedigest.bsky.social/post/3mjimntrqsi2i...

PT-2026-33010

🔒 CyberSecurity CVE-2024-44738 & CVE-2024-44337: n8n Workflow Automation Critical Flaws — Detec… "Security Arsenal’s analysis of the recent Pillar Security disclosure regarding n8n…" 🔗 https://t.co/U8qg6uYpWr CyberSecurity ThreatIntel alertfatigue triage alertmonitor...

CVE-2026-22828

creationtimestamp| type| source ---|---|--- 2026-04-14 16:51:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtoef7zj2m 2026-04-14 17:28:08+00:00| seen| Telegram/Vdpd7lT308fxiW1s76LVsqR9F6P793RnQqd0qJzf2KghFE 2026-04-14 17:28:30+00:00| seen|...

CVE-2025-65135

creationtimestamp| type| source ---|---|--- 2026-04-14 16:43:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhtagncml2g 2026-04-14 16:51:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtosxxmr2s...

Malicious Package

Overview pinstatsd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2025-13822

creationtimestamp| type| source ---|---|--- 2026-04-14 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2025-13822 2026-04-15 09:42:12+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116408066492828654...

CVE-2026-27681

creationtimestamp| type| source ---|---|--- 2026-04-14 01:00:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjg6jaq2s42h 2026-04-14 01:15:38+00:00| published-proof-of-concept| Telegram/j1YKUKFGBq5wmef4QEbA7k-TdRl9f0BaDNzVfGs6U0ZXPS4 2026-04-14 01:30:30+00:00| seen|...

Photon OS 5.0: Sudo PHSA-2026-5.0-0815

An update of the sudo package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0815. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EUVD-2025-209417

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

CVE-2026-6187

creationtimestamp| type| source ---|---|--- 2026-04-13 18:01:52+00:00| seen| Telegram/TSErhlT2llNPXhNLnZaIvAkEA2gU1lz2cwoIEiu2S6bYw...

CVE-2025-13025

creationtimestamp| type| source ---|---|--- 2026-04-13 17:59:50+00:00| seen| Telegram/v-1AydXySxiNxE6SaFVPXOMgwh9lcyinlmzJXhWqHW4...

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

EUVD-2026-21978

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

Malicious Package

Overview etsy-advocacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-36872

creationtimestamp| type| source ---|---|--- 2026-04-13 15:05:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjf5bjmcxn2o...

CERTFR-2026-ACT-017

creationtimestamp| type| source ---|---|--- 2026-04-13 13:44:42+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mjeyroej5f2c 2026-04-13 13:44:48+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116397695370532777 2026-04-13 13:57:52+00:00| seen|...