MAL-2026-4310 Malicious code in explorhub-ai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mobile-international (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 543efd73c4d2860379f7e412db8f3ddb33401c3788a2a18f5ec0648e33b51a33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4343 Malicious code in wnba-parent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61f696f0e2dd839f3a95ac5bfd9e38dd4b3910253ae2d56e79fe088a08519db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4340 Malicious code in wm-plugin-open-teach-me-after-deployable-played (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 655533b31e25a157ee83f60bf9745992f585b321861539de7e40a9a7549dd38d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flow-parser-oxidized (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

CVE-2026-41104

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

CVE-2026-41104

Microsoft Planetary Computer Pro is affected by a information-disclosure vulnerability due to deserialization of untrusted data. The issue permits network-based disclosure of information without authentication, with high impact on confidentiality, and requires no privileges. The CVSS 3.1 vector i...

CVE-2026-41104

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

EUVD-2026-31517

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability

...

CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability

...

CVE-2026-25608

creationtimestamp| type| source ---|---|--- 2026-05-22 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/05/CVE-2026-25606 2026-05-22 13:23:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgzrv4iaa2e...

Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4245 Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Planetary Computer Pro 代码问题漏洞

Microsoft Planetary Computer Pro is an enterprise-level geospatial data management and environmental analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Planetary Computer Pro, which stems from deserializing unreliable data. This vulnerability could...

PT-2026-42847

Name of the Vulnerable Software and Affected Versions Microsoft Planetary Computer Pro affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to disclose information over a network. Deserialization is the process of converting a data stream...

CVE-2026-41104

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-23 03:34:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmijdcsc7g2r 2026-05-29 21:37:06+00:00| seen|...

MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...