728 matches found
CVE-2026-54232
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...
CVE-2026-48787
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...
Malicious code in enquriers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ff0053c1f18c2d4e2e555119e16463f85cfb7f0c564d64d222a80a84763639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5380 Malicious code in @doaction/sudo-prompt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 488a945e315d4824a3cc9dbb099b6eb414d12692164cb2c965626725ff64776a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Securing Code Understanding: Detecting Natural Backdoor Vulnerability in Code Language Models
Code Language Models CodeLMs have become integral to software engineering, significantly advancing code intelligence tasks. However, their widespread adoption has raised critical security concerns, particularly regarding susceptibility to backdoor attacks. Recent studies have uncovered naturally...
CVE-2026-3623
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successf...
MAL-2026-5249 Malicious code in eslint-plugin-executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in awaitly-analyze (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b77cddba130960f19c0c0b71b952811cc8dabd41e848d5305497cd16757ba2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in awaitly (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2af5864a1d317bcc70096c02229d56d855d608e28196b1ed98c7884be7a2ab6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in autotel-edge (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in executable-stories-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5232 Malicious code in autotel-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ed70ee4bddaee59149fdb7664c71d6efcc8c74cbd82bb652ed593b8d6a457d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ethlete/theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5236 Malicious code in awaitly-libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8640c7faedaba5674fde930cc8cc5b3577ec005ca77d404cc355540feae8a024 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ethlete/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in autotel-adapters (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in node-env-resolver-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in @forjacms/sections-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in autotel-backends (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cbe11cbd14e7794536aed312f47ea564e12364341248e062540dfa14a49e677 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...