MAL-2026-4340 Malicious code in wm-plugin-open-teach-me-after-deployable-played (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 655533b31e25a157ee83f60bf9745992f585b321861539de7e40a9a7549dd38d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flow-parser-oxidized (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

CVE-2026-41104

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

CVE-2026-41104

Microsoft Planetary Computer Pro is affected by a information-disclosure vulnerability due to deserialization of untrusted data. The issue permits network-based disclosure of information without authentication, with high impact on confidentiality, and requires no privileges. The CVSS 3.1 vector i...

CVE-2026-41104

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

EUVD-2026-31517

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability

...

CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability

...

CVE-2026-25608

creationtimestamp| type| source ---|---|--- 2026-05-22 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/05/CVE-2026-25606 2026-05-22 13:23:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgzrv4iaa2e...

Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4245 Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Planetary Computer Pro 代码问题漏洞

Microsoft Planetary Computer Pro is an enterprise-level geospatial data management and environmental analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Planetary Computer Pro, which stems from deserializing unreliable data. This vulnerability could...

PT-2026-42847

Name of the Vulnerable Software and Affected Versions Microsoft Planetary Computer Pro affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to disclose information over a network. Deserialization is the process of converting a data stream...

CVE-2026-41104

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-23 03:34:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmijdcsc7g2r 2026-05-29 21:37:06+00:00| seen|...

MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4224 Malicious code in json-spectaculation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Planetary Computer Pro Information Disclosure Vulnerability

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

Malicious code in webservices.rest-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9c78a4d0c87def69bbc5337e41a730e7ca6ae898426759915f053dc584581c package.json declares both preinstall and postinstall hooks that execute index.js, which exfiltrates installer data to a base64-encoded Cloudflare...