7911 matches found
Malicious Package
Overview: kc-fe-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship...
@alephium/cli (>=0.38.0 <=0.45.0), @alephium/get-extension-wallet (>=0.38.0 <=0.45.0) +20 more potentially affected by CVE-2026-1245 via binary-parser (>=2.0.3 <=2.2.1)
binary-parser NPM version =2.0.3, =0.38.0, =0.38.0, =0.38.0, =0.30.0-beta.1, =0.38.0, =0.38.0, =0.38.0, =0.22.0, =0.0.2, =1.4.1, =0.8.0, =1.13.0, =1.0.0, =2.1.1 and more Source cves: CVE-2026-1245 Source advisory: SNYK:JS-BINARYPARSER-15046328...
CVE-2025-33228
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code...
CVE-2025-33228
CVE-2025-33228 affects NVIDIA Nsight Systems, specifically a vulnerability in the gfx_hotspot recipe that allows an OS command injection by feeding a malicious string to the process_nsys_rep_cli.py script when invoked manually. A successful exploit could lead to code execution, privilege escalati...
actpdf (>=0.1.0 <=0.12.0), agenticmem (>=0.1.4.1 <=0.1.5.0) +212 more potentially affected by CVE-2025-68616 via weasyprint (>=0.28.0 <=67.0.0)
weasyprint PYPI version =0.28.0, =0.1.0, =0.1.4.1, =0.5.0, =0.1.1, =0.1.1, =0.1.0, =0.5.0, =1.1.0, =0.1.0, =0.7.0, =0.10.0a68 and more Source cves: CVE-2025-68616 Source advisory: SNYK:PYTHON-WEASYPRINT-15035957...
@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)
@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...
deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2026-22864 via deno (>=0.15.0 <=0.6.0)
deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2026-22864 Source advisory: OSV:GHSA-M3C4-PRHW-MRX6...
MAL-2026-290 Malicious code in kc-fe-cli (npm)
Source: amazon-inspector b4347dd194760b4442f9bb1feab4f7133c2413af7958a4081f8cdea8367241da The package kc-fe-cli was found to contain malicious code. Source: ghsa-malware 42b0817927a50dccc81b965c476f842127ddf7f97445006910ebc9f6fa9e8026 Any...
EUVD-2026-3099
Malicious code in kc-fe-cli npm...
0xkit (=0.0.1), 0xpass (>=0.0.11 <=0.1.26) +7267 more potentially affected by CVE-2026-23527 via h3 (>=1.0.1 <=1.15.4)
h3 NPM version =1.0.1, =0.0.11, =0.0.2, =0.1.0, =1.1.0, =0.1.0, =0.1.0, =1.0.21, =2.0.0, =0.1.4, =0.1.0, =1.0.10, =1.0.11 and more Source cves: CVE-2026-23527 Source advisory: SNYK:JS-H3-15010914...
CVE-2026-22820 Outray CLI is vulnerable to race conditions in tunnel creation
Outray is an open-source ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...
CVE-2026-22718
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
CVE-2026-22718
The CVE-2026-22718 entry concerns the VSCode extension for Spring CLI, attributed to VMware, with a vulnerability allowing command injection and subsequent command execution on the user’s machine. Connected advisories consistently describe this as a vulnerability in the Spring CLI VSCode extensio...
CVE-2026-22718 Command injection vulnerability
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
PT-2026-2793
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
CVE-2022-50911
...