Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

Malicious code in ts-wross (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42dae43b7ff77748f10ae5faf6d87b7d63552e5629a37c931ea2c0de3539b469 Package is published under the name ts-wross but its package.json claims authorship by Michael Mclaughlin [email protected] and points its repository...

EUVD-2026-38233

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

Astra Linux – Vulnerability in python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Previously, urllib3 would not remove the HTTP request body when an HTTP redirect response was received using status 301, 302, or 303 after the request’s method changed from one that could accept a request body such as POST to GET, as...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in V8 in Google Chrome prior to version 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Integer overflow in Mojo in Google Chrome prior to version 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

MAL-2026-6202 Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

SUSE CVE-2026-12453

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

SUSE CVE-2026-12462

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12465

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-12467

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37548

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37549

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37539

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...