Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

@redhat-cloud-services/access-requests-frontend (>=1.2.0 <=1.2.11), @redhat-cloud-services/frontend-components-advisor-components (>=1.0.0 <=3.8.1) +11 more potentially affected by unknown CVE via @redhat-cloud-services/frontend-components (=7.7.1)

@redhat-cloud-services/frontend-components NPM version =7.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components and may be impacted: - @redhat-cloud-services/access-requests-frontend =1.2.0, =1.0.0, =0.0.1,...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Malicious Package

Overview @cloudplatform-single-spa/agreements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

@redhat-cloud-services/frontend-components-inventory (>=2.0.0 <=3.4.0), @redhat-cloud-services/frontend-components-inventory-compliance (>=0.0.1 <=3.4.4) +4 more potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-notifications (=6.9.1)

@redhat-cloud-services/frontend-components-notifications NPM version =6.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-notifications and may be impacted: -...

CodeAlpha_SQLInjectionSecurity

CodeAlphaSQLInjectionSecur...

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-10177 Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

MAL-2026-5096 Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-25681 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-25681 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-39821 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-39821 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-39830 affecting package cf-cli for versions less than 8.7.11-6

CVE-2026-39830 affecting package cf-cli for versions less than 8.7.11-6. A patched version of the package is available...

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...