MAL-2026-1369 Malicious code in kinggupong (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e715c2381b97a44dc664b3fbb1faf1977b339bc9cc51ad7722b09e24caa2f63 The package kinggupong was found to contain malicious code. Source: ghsa-malware 47fb80c46fcfaba8da9b01d5f99700a8a98a138ce3936b2ed9393db423d5b718 Any...

Malicious code in unibody (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62433a668da6675dffc03d0b406316c3a612058aed5063d864c1f6a78d94e937 The package unibody was found to contain malicious code. Source: ghsa-malware d5083ea858a18dda094f7d171b57730132d8348f914ae8b2895725447d8f13f0 Any...

Malicious code in libsignal-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...

Malicious code in react-svg-anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...

Magic Wormhole 路径遍历漏洞

Magic Wormhole is a secure cross-computer file transfer tool developed under the open-source Magic-Wormhole project. Versions of Magic Wormhole from 0.21.0 to 0.23.0 contained a path traversal vulnerability. This vulnerability could allow malicious files to overwrite critical local files,...

EUVD-2026-11365

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes...

CVE-2026-2640

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes...

MAL-2026-1345 Malicious code in npm-builders (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...

Malicious code in gamma-api-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...

Malicious code in vite-chunker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff8c2fc92377d678aca4ddaeaf13ff2c9a3fe7da1e436478d49b935131562f58 The package vite-chunker was found to contain malicious code. Source: ghsa-malware 77cc8d4b3c8ab1dac6606515127cb65f5c6738fb43b9d6a7800351162e689059 A...

MAL-2026-1332 Malicious code in mui-path-imports (npm)

The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in falcologgerinternalstate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183181a665c683721a6523db5e15b21f8c20c2b154b2ea57decac425f8ad44e3 The package falcologgerinternalstate was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1305 Malicious code in collab-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827bba21aab2fb6ac088e0ab66d2d6ce16a9edcfb26736c85c5d9c8488019b21 The package collab-library was found to contain malicious code. Source: ghsa-malware aa4043d376077e02719a8d768bb1e2631de6c69525ebd948ed92102f617adc9c...

MAL-2026-1316 Malicious code in xc-input-toggle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...

MAL-2026-1299 Malicious code in monoping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...

Malicious code in monoping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...

CVE-2025-13957

creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0254/ 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-03...

EUVD-2026-10273

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-3770

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-3770

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...