CGA-7JVM-68GH-FGFJ

Bulletin has no description...

EUVD-2026-36223

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

CGA-29GV-96MX-96PG

Bulletin has no description...

Exploit for CVE-2026-10795

CVE-2026-10795 CVE-2026-10795 – UpdraftPlus Authentication Byp...

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

Important: Red Hat Security Advisory: valkey security update

An update for valkey is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

MAL-2026-5635 Malicious code in routing-controls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 095efa733141879758b3a97acff66255dd2bc05143649513ab18b6597bf2dedb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview swagger-express-routes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious Package

Overview routing-controls is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-5636 Malicious code in swagger-express-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...

Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

Malicious code in tw-fluid-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c3bc3497d6c683f52210ca201500d27cf9e2bcccd976883be2ed85d17569b54 The package advertises itself as a Tailwind CSS fluid-type plugin but ships src/utils/lib.min.js, which is loaded as a side effect when the package's...

MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...

MAL-2026-5638 Malicious code in tw-fluid-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c3bc3497d6c683f52210ca201500d27cf9e2bcccd976883be2ed85d17569b54 The package advertises itself as a Tailwind CSS fluid-type plugin but ships src/utils/lib.min.js, which is loaded as a side effect when the package's...

MAL-2026-5634 Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

Malicious code in tailwindcss-animotion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...

Malicious code in clsx-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...

Malicious code in sass-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0068d27fedb58c57dabb36f110b6410a8f422774734cee9ea53e7fdc7f66da5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...