Lucene search

7991 matches found

ATTACKERKB
added 2026/01/23 3:29 a.m., 6 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS: 7, AI score: 6.1, EPSS: 0.00248
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/01/23 3:29 a.m., 10 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS: 7, AI score: 7.7, EPSS: 0.00248
Exploits: 0

Snyk
added 2026/01/22 10:50 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/v1/index/retrieve endpoint. An attacker can scan internal network resources by sending GET requests to retrieve a public key. Since only GET requests are allowed for this endpoint, it is not...

CVSS: 6.9, AI score: 5.5, EPSS: 0.00332
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: dcos-cli (CVE-2020-26160)

The version of dcos-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-26160 advisory. - jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with...

CVSS: 7.5, AI score: 5.7, EPSS: 0.02074
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: gh (CVE-2025-48938)

The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48938 advisory. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00429
Exploits: 0, References: 2

RedhatCVE
added 2026/01/21 6:29 p.m., 4 views

CVE-2025-33228

A flaw was found in NVIDIA Nsight Systems. This vulnerability allows a local attacker to achieve arbitrary code execution by manually invoking the processnsysrepcli.py script with a malicious string. This OS command injection can lead to privilege escalation, data tampering, denial of service, an...

CVSS: 7.3, AI score: 6.3, EPSS: 0.01185
Exploits: 0, References: 4

Snyk
added 2026/01/21 3:54 a.m., 3 views

Malicious Package

Overview kc-fe-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS: 9.8, AI score: 5.5
Exploits: 0, References: 2

vulnersOsv
added 2026/01/20 7:45 p.m., 3 views

@alephium/cli (>=0.38.0 <=0.45.0), @alephium/get-extension-wallet (>=0.38.0 <=0.45.0) +19 more potentially affected by CVE-2026-1245 via binary-parser (>=2.0.3 <=2.2.1)

binary-parser NPM version =2.0.3, =0.38.0, =0.38.0, =0.38.0, =0.30.0-beta.1, =0.38.0, =0.38.0, =0.38.0, =0.22.0, =0.0.2, =1.4.1, =0.8.0, =1.13.0, =1.0.0, =2.1.1 and more Source cves: CVE-2026-1245 Source advisory: SNYK:JS-BINARYPARSER-15046328...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00505
Exploits: 0

OSV
added 2026/01/20 6:16 p.m., 3 views

CVE-2025-33228

NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code...

CVSS: 7.3, AI score: 5.9, EPSS: 0.01185
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/20 5:44 p.m., 1 view

CVE-2025-33228

NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code...

CVSS: 7.3, AI score: 5.5, EPSS: 0.01185
Exploits: 0, References: 4

CVE
added 2026/01/20 5:44 p.m., 25 views

CVE-2025-33228

CVE-2025-33228 affects NVIDIA Nsight Systems, specifically a vulnerability in the gfx_hotspot recipe that allows an OS command injection by feeding a malicious string to the process_nsys_rep_cli.py script when invoked manually. A successful exploit could lead to code execution, privilege escalati...

CVSS: 7.3, AI score: 5.7, EPSS: 0.01185
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2026/01/19 3:48 p.m., 2 views

actpdf (>=0.1.0 <=0.12.0), agenticmem (>=0.1.4.1 <=0.1.5.0) +212 more potentially affected by CVE-2025-68616 via weasyprint (>=0.28.0 <=67.0.0)

weasyprint PYPI version =0.28.0, =0.1.0, =0.1.4.1, =0.5.0, =0.1.1, =0.1.1, =0.1.0, =0.5.0, =0.3.18, =1.1.0, =0.1.0, =0.1.5 and more Source cves: CVE-2025-68616 Source advisory: SNYK:PYTHON-WEASYPRINT-15035957...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00447
Exploits: 2

vulnersOsv
added 2026/01/16 9:4 p.m., 4 views

@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)

@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...

AI score: 5.8
Exploits: 0

vulnersOsv
added 2026/01/16 3:49 p.m., 2 views

deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2026-22864 via deno (>=0.15.0 <=0.6.0)

deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2026-22864 Source advisory: OSV:GHSA-M3C4-PRHW-MRX6...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00619
Exploits: 1

OSSF Malicious Packages
added 2026/01/16 12:10 a.m., 7 views

Malicious code in kc-fe-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4347dd194760b4442f9bb1feab4f7133c2413af7958a4081f8cdea8367241da The package kc-fe-cli was found to contain malicious code. Source: ghsa-malware 42b0817927a50dccc81b965c476f842127ddf7f97445006910ebc9f6fa9e8026 Any...

AI score: 5.5
Exploits: 0, References: 1

EUVD
added 2026/01/16 12:10 a.m., 4 views

EUVD-2026-3099

Malicious code in kc-fe-cli npm...

AI score: 6.6
Exploits: 0

OSV
added 2026/01/16 12:10 a.m., 4 views

MAL-2026-290 Malicious code in kc-fe-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4347dd194760b4442f9bb1feab4f7133c2413af7958a4081f8cdea8367241da The package kc-fe-cli was found to contain malicious code. Source: ghsa-malware 42b0817927a50dccc81b965c476f842127ddf7f97445006910ebc9f6fa9e8026 Any...

AI score: 5.5
Exploits: 0, References: 1

vulnersOsv
added 2026/01/15 7:24 p.m., 6 views

0xkit (=0.0.1), 0xpass (>=0.0.11 <=0.1.26) +7817 more potentially affected by CVE-2026-23527 via h3 (>=1.0.1 <=1.15.4)

h3 NPM version =1.0.1, =0.0.11, =0.0.0-canary-3a59770274bcb6f3bebd5d1b93a2c92d1fc4edbd, =0.0.2, =0.1.0, =1.1.0, =0.1.0, =0.1.0, =1.0.21, =2.0.0, =0.1.4, =0.1.0, =1.0.10, =1.0.11 and more Source cves: CVE-2026-23527 Source advisory: SNYK:JS-H3-15010914...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00576
Exploits: 1

Vulnrichment
added 2026/01/14 3:6 p.m., 3 views

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVSS: 6.3, AI score: 6.3, EPSS: 0.00179
Exploits: 1, References: 2

OSV
added 2026/01/14 3:6 p.m., 2 views

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00179
Exploits: 1, References: 4