MAL-2026-150 Malicious code in hoppscotch-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccc9fa1661ed3de2ac221307d7e5cac1aea785ac1d0e2241ecd0001a05fea796 The package hoppscotch-agent was found to contain malicious code. Source: ghsa-malware 7c2ae92a02c69aaa3b5287d2172d0fbc6f8f1e3ae51c69f76c7a07e4dcc7a1...

Malicious code in rt-qa-sampler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d57d7fdf7de875c7da43a03defcfe1df8c66f3a72a0802585f903e5e4e4a19 The package rt-qa-sampler was found to contain malicious code. Source: ghsa-malware 7db994932160920a0a11f0ca0419898a6c0552e1f38b68ccf9bb6b59d72f98fb...

MAL-2026-137 Malicious code in rt-da-classic-card-collection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40df14bf87fe4eb4e065fda942f953028db00c5e8148c1c1ccc2f6cf623d3611 The package rt-da-classic-card-collection was found to contain malicious code. Source: ghsa-malware...

CVE-2024-2066

A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack...

Malicious code in klywarn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eee572661c3786dd95fb006ea7b4d99026b670f00f8e1999c1d961af6d612a2c The package klywarn was found to contain malicious code. Source: ghsa-malware f8ef3f65d8a5142e8b3a669ecd7f5b3891db0031a16d478f7b220fbb41f8d398 Any...

Malicious code in 1kzr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1191bf170b21e0c9c0b1904f808522aa27e23736bb05c9c16332fd1a97e52332 The package 1kzr was found to contain malicious code. Source: ghsa-malware 715d44ba7af24784970425367d9e909f00a7b64031c3004b2fe93628232ab95c Any...

MAL-2026-100 Malicious code in eslint-plugin-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e51e22e6032e74b136ec2615b38bd5801cca8f5a4ef8a09747a442b656ec17 The package eslint-plugin-supertest was found to contain malicious code. Source: ghsa-malware...

CVE-2025-47369

The CVE-2025-47369 issue relates to Qualcomm’s CVP driver: a session ID returned to userland is derived from a kernel pointer via hash32_ptr, a non-cryptographic and reversible fold. This leaks kernel addresses and can deterministically reveal the original pointer due to ARM64 address layout, eff...

CVE-2025-47369 Information Exposure in Computer Vision

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID...

CVE-2025-47369 Information Exposure in Computer Vision

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID...

Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2026-85 Malicious code in elastic-docs-v3-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc3812db2733b6d6bfaba2e5b7b08065e1b07291a2a58a6dfa589b31added3e6 The package elastic-docs-v3-utilities was found to contain malicious code. Source: ghsa-malware...

Malicious code in okta-loginpage-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48116f31c0b827072f94f6157837d2fcb3be3c6a9985584328216403280bd6bb The package okta-loginpage-render was found to contain malicious code. Source: ghsa-malware...

MAL-2026-77 Malicious code in polymarket-clob (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e650fcd9e5cec151122c4e59ee9f829a9f8f3afbc998be35354879cd24f5d8bf The package polymarket-clob was found to contain malicious code. Source: ghsa-malware c6f2692198b832546ebc0a47e287ea8e976cbbacae0f1963545cb4610ddd08b...

Malicious code in upgrade-mobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50fddf8ed26118557ffdca771219746de0194477c83724370ef30b18d858b1d0 The package upgrade-mobile was found to contain malicious code. Source: ghsa-malware a26e290558ffe604a105aa63eb83a2f6aae1e8656e947908c9d29c3c3b7632db...

CVE-2025-15240

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-15237

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

Malicious code in eslint-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06b784b251ddb3666b203fa36b7e7cd4e9101ff8c468c9d32423a398f40a6689 The package eslint-supertest was found to contain malicious code. Source: ghsa-malware 01ffd1e84f1255f84c7876957e188eed9ab1dad03915006b9f463510c22590...

MAL-2026-62 Malicious code in oj-sp-common-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5466d410ace77d36cbf4ad77f4ff2bec3030d7b19266a78de448ef1517b2679 The package oj-sp-common-strings was found to contain malicious code. Source: ghsa-malware...