Malicious Package

Overview iron-overlay-behavior is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-1311 Malicious code in iron-menu-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-fit-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-overlay-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1c6c5a0c7da957deff9af5f6e981a6d5cf588394ad85aaaa9456657d49604e The package iron-overlay-behavior was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1307 Malicious code in iron-fit-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1312 Malicious code in iron-overlay-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1c6c5a0c7da957deff9af5f6e981a6d5cf588394ad85aaaa9456657d49604e The package iron-overlay-behavior was found to contain malicious code. Source: ghsa-malware...

PT-2026-24611

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

PT-2026-24617

Summary An off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. Details The bug is in the control-character...

PT-2026-24378

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions prior to 1.35.8 Envoy versions prior to 1.36.5 Envoy versions prior to 1.37.1 Description Envoy is a high-performance edge/middle/service proxy. An off-by-one write in the...

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...

SAP Customer Checkout 安全漏洞

SAP Customer Checkout is a sales terminal management system for retail and catering scenarios developed by the German company SAP. There is a security vulnerability in SAP Customer Checkout. This vulnerability stems from the use of a reversible protection mechanism to locally store operation data...

EulerOS 2.0 SP13 : python-requests (EulerOS-SA-2026-1294)

According to the versions of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=Fal...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

CLSA-2026-1773048865 kernel: Fix of 53 CVEs

xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...