672 matches found
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...
Ivanti Cloud Services Appliance - Path Traversal
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. id: CVE-2024-8963 info: name: Ivanti Cloud Services Appliance - Path Traversal author: johnk3r severity: critical description: | Path Traversal in the Ivanti CSA befo...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
MAL-2026-5263 Malicious code in node-env-resolver-aws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4d561f58633262592e17233481bba8398f047eb830948370396c51b6d952c90 No concrete installer-harm signals were identified in this version of the package. Coverage of the package contents was partial, so a human reviewer...
Malicious code in eslint-plugin-awaitly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbd803fb072d271da9c655f60d16fa4e33582d1acb075aa6427449c2a417b72 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in eslint-plugin-executable-stories-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f57bad4c5897c34b725457a558ebfe9df86ff8092f5bfd36b1568d6dc5e84da8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5220 Malicious code in autotel-edge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 811b38cb7e91f18a899293fc6cd657bdc63f07714d5277920cfc21532b5aca08 No concrete installer-harm signals were identified in this package version. No lifecycle hooks, hardcoded exfiltration endpoints, credential-path...
Malicious code in eslint-plugin-executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37cda64660196ba2834eebfa1c7c1debc8367bb89d9b953d1c01fa0c5b722e7a The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5202 Malicious code in @ethlete/query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d3334de45d8864ad96963e00aa263c3c1b09678abe9317058965a2b6b026abd The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Multiple Node.js Modules compromised in npm supply chain attack (Shai-Hulud 'Miasma') (06/01/2026)
The remote host has a version of one or more Node.js modules installed known to be compromised in the Shai-Hulud 'Miasma' npm supply chain attack reported on 06/01/2026. This wave compromised 32 packages 96 versions published under the '@redhat-cloud-services' npm scope. It is tracked separately...
Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/hcc-feo-mcp (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5129 Malicious code in @redhat-cloud-services/hcc-feo-mcp (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5139 Malicious code in @redhat-cloud-services/hcc-kessel-mcp (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5147 Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5130 Malicious code in @redhat-cloud-services/integrations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5144 Malicious code in @redhat-cloud-services/notifications-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/remediations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/types (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...