15429 matches found
Malicious code in twilio-video.js (npm)
Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...
Malicious code in trade-in-lib (npm)
Source: amazon-inspector 282ed834f41ff1362de41082e4502858b54128699bb58026d73f704aafa71035 The package trade-in-lib was found to contain malicious code. Source: ghsa-malware 927f61fc76a553ba10121fbae7bc4961b0d67d52ab41498d9b0b232a4c2362f7 A...
Malicious code in ih-icon (npm)
Source: amazon-inspector 29e7f19afb6ffd57012c61c6bef2ce8ad4238f192cac0679e216684a37ec672e The package ih-icon was found to contain malicious code. Source: ghsa-malware c7182707ae8272b3af4376c3dfec66a3b574b8c86217bf3b7c705d94dfb84b63 Any...
MAL-2026-2607 Malicious code in stats-api-js-client (npm)
Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in @b2b-portal/core (npm)
Source: amazon-inspector a28e67919e3dfef2a8a434caec109791355b6f43d434d22bd9515f348a692c5e The package @b2b-portal/core was found to contain malicious code. Source: ghsa-malware 7a10dd57d5e27c26f36c8207faa6449838827281be33c9ecc99e025cfdea19...
Malicious code in seaport-core-16 (npm)
Package exfiltrates user info to a remote server via wget in test, preinstall, and preupdate scripts. Very few published versions. Source: amazon-inspector be2cd9e6e61b20566214a0627d5923ec7cbe799e9757d25fd883f46616e5b58b The package...
CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...
CVE-2026-36943
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/managerepair.php...
CVE-2026-36947
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...
MAL-2026-2615 Malicious code in upstartadmindashboard- (npm)
The package is malware. It exfiltrates system info to a hardcoded domain, collects sensitive data, and executes suspicious commands. Source: amazon-inspector e0760e39fa3fc4d272de9fb78decddc3a25ae673efe12e9bff4e8d9f28ee5c55 The package...
Malicious code in upstart-lending-status (npm)
Package is malware. It steals credentials, collects system info, and exfiltrates data to a remote server via postinstall script. Source: amazon-inspector 627a2802a53ad7eb751fcac4b0a43245c6b0bf9e667db77051758b24d8bc4d96 The package...
MAL-2026-2612 Malicious code in upstart-loan-status (npm)
Malicious package with postinstall script exfiltrating sensitive system data to a remote server. Multiple YARA rules and LLM analysis confirm. Source: amazon-inspector 2e7850b2e1fe8a8eeebd2a8593220743deeacbed610ada8e460fcd15bc51c732 The...
MAL-2026-2653 Malicious code in pinlogger (npm)
The package is malware due to system info exfiltration via DNS/HTTPS to OAST domains and arbitrary code execution during preinstall. Source: amazon-inspector 5e78bb72f47ecca78511d87a17bea5f38fb4897dbc117433dfd7667cd97a51d0 The package...
MINI-PC59-389V-CG3W
Bulletin has no description...
EUVD-2026-20767
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2026-40028 Hayabusa < 3.8.0 XSS via JSON Log Import
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in the HTML report output. An attacker can inject JavaScript into the Computer field of JSON-exported logs, which executes in the forensic examiner’s browser when viewing the generated HTML report, potentially lea...
MAL-2026-2516 Malicious code in sentinel-tool (PyPI)
Source: kam193 5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937 The package installs a remote executable that uses a hardcoded Telegram channel for monitoring the user's activity, including regularly taking screenshots, and...