
7910 matches found

OSV
added 2026/03/18 12:43 p.m. | 1 views

MAL-2026-1690 Malicious code in chain-promised-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 905259914ab893ce8ca6d455af186ca553bb76d253657ea9f38457798519c708 The package chain-promised-cli was found to contain malicious code...

5.8 AI score
Exploits 0
OSV
added 2026/03/18 12:43 p.m. | 1 views

MAL-2026-1687 Malicious code in chain-cli-promised (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f7e399daf13fda688fc1a6bb911c0bf7582ef52fff3eb5af58fbd8c0934b88a The package chain-cli-promised was found to contain malicious code...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2026/03/18 12:43 p.m. | 3 views

Malicious code in chain-cli-promised (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f7e399daf13fda688fc1a6bb911c0bf7582ef52fff3eb5af58fbd8c0934b88a The package chain-cli-promised was found to contain malicious code...

5.8 AI score
Exploits 0
OSV
added 2026/03/18 12:43 p.m. | 2 views

MAL-2026-1681 Malicious code in chai-promised-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48b1d1fa87c7390aa0257628dfbbff9d4a72745789925a041968bcd789764340 The package chai-promised-cli was found to contain malicious code...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2026/03/18 12:43 p.m. | 3 views

Malicious code in chai-promised-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48b1d1fa87c7390aa0257628dfbbff9d4a72745789925a041968bcd789764340 The package chai-promised-cli was found to contain malicious code...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2026/03/18 12:42 p.m. | 3 views

Malicious code in chai-cli-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9f4be84db26d0ce71d5bcfda424b1af08abddc37c23d3a2ef2b4263534fde2 The package chai-cli-async was found to contain malicious code...

5.8 AI score
Exploits 0
OSV
added 2026/03/18 12:42 p.m. | 1 views

MAL-2026-1677 Malicious code in chai-cli-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9f4be84db26d0ce71d5bcfda424b1af08abddc37c23d3a2ef2b4263534fde2 The package chai-cli-async was found to contain malicious code...

5.8 AI score
Exploits 0
OSV
added 2026/03/18 12:42 p.m. | 1 views

MAL-2026-1674 Malicious code in chai-await-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba2ac08d1a163026221030089df15f1e10a15be587c27714e659f4a98ec51bf The package chai-await-cli was found to contain malicious code...

5.8 AI score
Exploits 0
NVD
added 2026/03/18 8:16 a.m. | 3 views

CVE-2026-22321

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

5.3 CVSS | 0.00019 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/03/18 7:34 a.m. | 2 views

CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

5.3 CVSS | 6.2 AI score | 0.00019 EPSS
Exploits 0 | References 1
CVE
added 2026/03/18 7:34 a.m. | 8 views

CVE-2026-22320

A stack-based buffer overflow in the CLI’s TFTP file-transfer command handling can be triggered by a low-privileged attacker with Telnet/SSH access by supplying an unexpected or oversized filename input. This memory corruption affects the internal buffer, rendering the CLI and web dashboard unava...

6.5 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/03/18 12:0 a.m. | 1 views

PT-2026-26315

Name of the Vulnerable Software and Affected Versions: Grafana Tempo versions prior to 2.10.3. Description: A flaw exists in Grafana Tempo that results in the exposure of the S3 SSE-C encryption key in plaintext. This exposure occurs through the /status/config API endpoint. Successful exploitation...

7.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 6
OSV
added 2026/03/18 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10390-1 tempo-cli-2.10.3-1.1 on GA media

These are all security issues fixed in the tempo-cli-2.10.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/03/17 7:14 p.m. | 100 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182RCEExploit REC Exploit is a Python-based secur...

10 CVSS | 6 AI score | 0.84541 EPSS
Exploits361
OSSF Malicious Packages
added 2026/03/16 12:0 a.m. | 2 views

Malicious code in dazaar-cli (npm)

The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.5 AI score
Exploits 0 | References 3
OSV
added 2026/03/16 12:0 a.m. | 1 views

MAL-2026-1545 Malicious code in dazaar-cli (npm)

The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.6 AI score
Exploits 0 | References 3
Tenable Nessus
added 2026/03/13 12:0 a.m. | 0 views

Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W) (CVE-2026-20046)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affecte...

8.8 CVSS | 6.9 AI score | 0.00033 EPSS
Exploits 0 | References 4
OSSF Malicious Packages
added 2026/03/12 10:33 p.m. | 3 views

Malicious code in cline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38d7531f4d4af07fee607e1d2985d0ea5b41dbf28cca5bc16c8457934e372f86 The package cline was found to contain malicious code. Source: google-open-source-security...

5.8 AI score
Exploits 0 | References 1
Github Security Blog
added 2026/03/12 8:32 p.m. | 5 views

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary: The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. Details: When running tinacms dev, the CLI...

6.2 CVSS | 5.9 AI score | 0.06479 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2026/03/12 8:32 p.m. | 2 views

GHSA-M48G-4WR2-J2H6 TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary: The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. Details: When running tinacms dev, the CLI...

6.2 CVSS | 5.9 AI score | 0.06479 EPSS
Exploits 1 | References 3