15464 matches found
MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
CVE-2026-41104
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...
CVE-2026-41104
Microsoft Planetary Computer Pro is affected by a information-disclosure vulnerability due to deserialization of untrusted data. The issue permits network-based disclosure of information without authentication, with high impact on confidentiality, and requires no privileges. The CVSS 3.1 vector i...
CVE-2026-41104
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...
EUVD-2026-31517
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...
CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability
...
CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability
...
CVE-2026-25608
creationtimestamp| type| source ---|---|--- 2026-05-22 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/05/CVE-2026-25606 2026-05-22 13:23:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgzrv4iaa2e...
Malicious code in pypi-build-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4245 Malicious code in pypi-build-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Planetary Computer Pro 代码问题漏洞
Microsoft Planetary Computer Pro is an enterprise-level geospatial data management and environmental analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Planetary Computer Pro, which stems from deserializing unreliable data. This vulnerability could...
PT-2026-42847
Name of the Vulnerable Software and Affected Versions Microsoft Planetary Computer Pro affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to disclose information over a network. Deserialization is the process of converting a data stream...
CVE-2026-41104
creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-23 03:34:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmijdcsc7g2r 2026-05-29 21:37:06+00:00| seen|...
MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4224 Malicious code in json-spectaculation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Planetary Computer Pro Information Disclosure Vulnerability
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...
Malicious code in webservices.rest-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9c78a4d0c87def69bbc5337e41a730e7ca6ae898426759915f053dc584581c package.json declares both preinstall and postinstall hooks that execute index.js, which exfiltrates installer data to a base64-encoded Cloudflare...
KLA91071 OSI vulnerability in Microsoft Device
An information disclosure vulnerability was found in Microsoft Planetary Computer Pro. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-41104 Exploitation CVE list CVE-2026-41104 critical Solution Install necessary updates from the KB...
CVE-2026-5783 Reflected XSS in Beyaz Computer's CityPLus
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...
CVE-2026-5783 Reflected XSS in Beyaz Computer's CityPLus
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...