Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Malicious code in @uipath/packager-tool-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71f9d2ad382e0688b46186b2090090f9a0e6e67bac2e906f8242e93b60587c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/integrationservice-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4edd2a2ae1287141aa4d05d85a3bc8510964321fd4e054af3a5f763d6ad30b9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

UBUNTU-CVE-2026-43348

In the Linux kernel, the following vulnerability has been resolved: mshvvtl: Fix vmemmapshift exceeding MAXFOLIOORDER When registering VTL0 memory via MSHVADDVTL0MEMORY, the kernel computes pgmap-vmemmapshift as the number of trailing zeros in the OR of startpfn and lastpfn, intending to use the...

Malicious code in @voiceflow/serverless-plugin-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7250284d7c2e88d5fb38f55fabf16f35b8da97c4e888154f7f275f2bef975251 The package @voiceflow/serverless-plugin-typescript was found to contain malicious code. Source: google-open-source-security...

MAL-2025-191076 Malicious code in blinqio-executions-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9e5a96fa18543da294b321a481fba9ad03884c6ca9387794f923c84892966be The package blinqio-executions-cli was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190778 Malicious code in posthog-plugin-hello-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411e53a1772704343ddb3da6957e8e0ee4e8167ec93030bf27e2247081fddc61 The package posthog-plugin-hello-world was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190708 Malicious code in @actbase/react-daum-postcode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b6730961ddc6bcfd14bc8564e2a8ef3d34d757e1ffae65ed7ff88232e115104 The package @actbase/react-daum-postcode was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190712 Malicious code in @actbase/react-native-tiktok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e30674f65fae1c8cebcf4d015086a943502402cc93f3559653c406c592a62366 The package @actbase/react-native-tiktok was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190689 Malicious code in @trigo/pathfinder-ui-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17172dc9e8dbb38a33e93a30996ed58f73c89d22d064635c816f92f8697a5013 The package @trigo/pathfinder-ui-css was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190660 Malicious code in @asyncapi/modelina-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3144264289038cf791432dc902acf2aafe218ea12a11fd986f2690b63531157 The package @asyncapi/modelina-cli was found to contain malicious code. Source: ghsa-malware...

MAL-2025-47137 Malicious code in @ctrl/ngx-rightclick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26c981d94dd9e169f05ec3ebc64532f6ff7ce85c16dc391d51ae78b7dd6a43b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state

In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...

CVE-2022-49085

In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...

CVE-2023-52593 wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()

In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfxsetmfpap Since 'ieee80211beaconget' can return NULL, 'wfxsetmfpap' should check the return value before examining skb data. So convert the latter to return an appropriate err...

Malicious npm Packages Found Exfiltrating Sensitive Data from Developers

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...

SUSE-SU-2017:2264-1 Security update for libzypp

The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...