MAL-2026-4801 Malicious code in web3.prc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db6feb92bb662bbf24ea3769595c836f3443f8fb33833b094134f294704af70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2034 Malicious code in @emilgroup/accounting-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b18ede5b5fb4b02a83fa00e0ee9bed39f2a9aa04a952734abf0022f00f7bf4 The package @emilgroup/accounting-sdk-node was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-12186

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution...

The Role of Learning in Attacking Intrusion Detection Systems

Recent work on network attacks have demonstrated that ML-based network intrusion detection systems NIDS can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...

Malicious code in express-lists-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c51e8807ad317a804d1d70eac194db27d648b87308eaebf5e7752864c1c03e5 The package express-lists-routes was found to contain malicious code. Source: ghsa-malware...

MAL-2026-428 Malicious code in shroom-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ce31b267373b04b6db8fa70688917b146c9cf34f2d548b58890a950af4f32a The package shroom-kit was found to contain malicious code. Source: ghsa-malware df93160efafaee42f3f1c238618282cd6845e4fea4f6b0804f5e759934e60f71 Any...

Malicious code in tailwindcss-animate-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-worklet-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed2ae3214c7915580ec4f119fc2fc1ee0e071e2deea48ef419973982180aa9c The package react-native-worklet-functions was found to contain malicious code. Source: ghsa-malware...

CVE-2025-48428

Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...

EUVD-2020-1653

Malware in sbrugna...

EUVD-2020-1647

Malware in sbrugna...

EUVD-2020-1651

Malware in sbrugna...

EUVD-2024-49780

Malicious code in bioql PyPI...

CVE-2025-52988

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted argument...

CVE-2025-41652

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes,...

CVE-2022-29850

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots...

CVE-2020-0154

In nciproccorersp of ncihrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product:...

Malicious code in discordjs-self-v22.3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f2a02084b7cd92df40cf973c163288d499c321e099a11fc8dbb42cec5e402b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sling-calendar-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9450d991ed470df2b266a03b33a83ee5953186a21b328b837398a8a2af69d421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-9191

The CVE concerns Okta Verify on Windows where the Device Access feature exposes the OktaDeviceAccessPipe, enabling a compromised device user to retrieve passwords for Desktop MFA passwordless logins. Affected component: Okta Verify agent for Windows with Okta Device Access passwordless feature en...