3135 matches found
MAL-2026-2694 Malicious code in cpu-optimizers (PyPI)
Source: kam193 f82b75da107c50f4d2f3cf5587e7db58a0dc91b77f8511226ff9219623dc145a Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
GHSA-5879-4FMR-XWF2 WWBN AVideo has an incomplete fix for CVE-2026-33293: Path Traversal
Summary The incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit 941decd6d19e Details At...
Malicious code in kryptex-os (PyPI)
Source: kam193 034201cad27492b279f5c274a5091b2e617da50f27125c7774db069256b3486e Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Command Injection
Overview org.webjars.npm:simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by...
Command Injection
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by supplying specially...
MAL-2026-2623 Malicious code in hive-setting (PyPI)
Source: kam193 94c174f9e83b72e5aaafbb1587d41384786cd29b4e9b69d097117d8c7b403771 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
EUVD-2026-21943
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast. bond_xmit_broadcast reuses the original skb for the last slave determined by bond_is_last_slave and clones it for others. Concurrent slave enslave/release can mutate the slave list...
MAL-2026-2572 Malicious code in hiveos-setting (PyPI)
Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
CVE-2026-31419
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast. bond_xmit_broadcast reuses the original skb for the last slave determined by bond_is_last_slave and clones it for others. Concurrent slave enslave/release can mutate the slave list...
MAL-2026-2571 Malicious code in hiveos-settings (PyPI)
Source: kam193 cc412fc6f4c4059bbea28f3aa4ff430b5cc0405b6117995d8b401be1ed514932 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Linux Distros Unpatched Vulnerability : CVE-2026-31419
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - net: bonding: fix use-after-free in bond_xmit_broadcast. bond_xmit_broadcast reuses the original skb for the last slave determined by bond_is_last_slave and clones it f...
EUVD-2026-21029
Wasmtime has use-after-free bug after cloning wasmtime::Linker...
GHSA-HFR4-7C6C-48W2 Wasmtime has use-after-free bug after cloning `wasmtime::Linker`
Impact In version 43.0.0 of the wasmtime crate, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. The typical symptom of this...
CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
PYSEC-2026-151
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
PT-2026-31689
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
Malicious code in roboat-utils (PyPI)
Source: kam193 206186397510c57a9f8cb5e6ca8bdf9d5e1349b99e73f8d06da13e687924feea This package is a malicious clone of a legitimate Roblox API wrapper. The new versions are published simultaneously with publishing malicious dependencies and...
MAL-2026-2512 Malicious code in roboat-utils (PyPI)
Source: kam193 206186397510c57a9f8cb5e6ca8bdf9d5e1349b99e73f8d06da13e687924feea This package is a malicious clone of a legitimate Roblox API wrapper. The new versions are published simultaneously with publishing malicious dependencies and...
CVE-2026-35452
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...