7911 matches found
MAL-2026-543 Malicious code in tailwind-components-cli (npm)
Source: amazon-inspector a3916984542c5471332406155adc38fde3d254e8748b6e65caa1b9680663602c The package tailwind-components-cli was found to contain malicious code. Source: ghsa-malware...
@saltcorn/cli (>=1.5.0-beta.0 <=1.5.0-beta.18), @saltcorn/mobile-builder (>=1.5.0-beta.0 <=1.5.0-beta.18) potentially affected by unknown CVE via @saltcorn/server (>=1.5.0-beta.0 <=1.5.0-beta.18)
@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-15126139...
@saltcorn/cli (>=1.1.1 <=1.4.1-beta.3), @saltcorn/mobile-builder (>=1.1.1 <=1.4.1-beta.3) potentially affected by unknown CVE via @saltcorn/server (>=1.1.1 <=1.4.1)
@saltcorn/server NPM version =1.1.1, =1.1.1, =1.1.1, =1.4.1-beta.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-15126139...
@saltcorn/cli (>=1.1.1 <=1.4.1-beta.3), @saltcorn/mobile-builder (>=1.1.1 <=1.4.1-beta.3) +1 more potentially affected by unknown CVE via @saltcorn/admin-models (>=1.1.1 <=1.4.1)
@saltcorn/admin-models NPM version =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.4.1-beta.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNADMINMODELS-15126138...
@saltcorn/cli (>=1.1.1 <=1.5.0-beta.18), @saltcorn/mobile-builder (>=1.1.1 <=1.5.0-beta.18) potentially affected by unknown CVE via @saltcorn/server (>=1.1.1 <=1.5.0-beta.18)
@saltcorn/server NPM version =1.1.1, =1.1.1, =1.1.1, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: OSV:GHSA-CR3W-CW5W-H3FJ...
@saltcorn/cli (>=1.5.0-beta.0 <=1.5.0-beta.18), @saltcorn/mobile-builder (>=1.5.0-beta.0 <=1.5.0-beta.18) +1 more potentially affected by unknown CVE via @saltcorn/admin-models (>=1.5.0-beta.0 <=1.5.0-beta.18)
@saltcorn/admin-models NPM version =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNADMINMODELS-15126138...
AZL-75413 CVE-2025-11065 affecting package docker-cli 25.0.7-1
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
GHSA-8RRH-RW8J-W5FX vulnerabilities
Vulnerabilities for packages: mlflow, pypy-3.10, pypy-3.11, kubeflow-katib, open-webui, py3-setuptools, aws-cli, datadog-agent, kserve, semgrep, superset, emissary, tensorflow-cpu-jupyter, kubeflow-jupyter-web-app, pip-zipapp, dask-kubernetes, airflow...
GHSA-8RRH-RW8J-W5FX vulnerabilities
Vulnerabilities for packages: awx, py3-setuptools, duplicity, localstack, authentik-fips, apache-beam-python-3.11-sdk, pypy-3.11, tensorflow-gpu-jupyter, label-studio, datadog-agent-fips, kubeflow-katib, tritonserver-backend-vllm-cuda-12.9, request-1276, opal, emissary, kserve, aws-cli, authentik...
SUSE SLES12 Security Update : azure-cli-core (SUSE-SU-2026:0273-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0273-1 advisory. - CVE-2025-24049: Fix improper neutralization of special elements used in a command which allows an unauthorized attacker to elevate...
CVE-2026-24117 vulnerabilities
Vulnerabilities for packages: gitsign, goreleaser, slsa-verifier, skaffold, tekton-chains, cosign, kubescape, aactl, crossplane, ratify, vexctl, spire-server, falcoctl, witness, flux-source-controller, teleport, kyverno-notation-aws, gh, trivy, tflint, kyverno, tkn, policy-controller, zarf, zot,...
SUSE-SU-2026:0273-1 Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fix improper neutralization of special elements used in a command which allows an unauthorized attacker to elevate privileges locally (bsc#1239460)...
CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
CVE-2026-0775
The CVE-2026-0775 entry concerns npm cli. Affected component: the module-loading path in npm cli, where modules are loaded from an unsecured location. Root cause: incorrect permission assignment that allows a local attacker who can run low-privileged code to escalate privileges and execute arbitr...
CVE-2026-0775
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/v1/index/retrieve endpoint. An attacker can scan internal network resources by sending GET requests to retrieve a public key. Since only GET requests are allowed for this endpoint, it is not...
Azure Linux 3.0 Security Update: dcos-cli (CVE-2020-26160)
The version of dcos-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-26160 advisory. - jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with...
Azure Linux 3.0 Security Update: gh (CVE-2025-48938)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48938 advisory. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has...
CVE-2025-33228
A flaw was found in NVIDIA Nsight Systems. This vulnerability allows a local attacker to achieve arbitrary code execution by manually invoking the processnsysrepcli.py script with a malicious string. This OS command injection can lead to privilege escalation, data tampering, denial of service, an...