RHEL 8 : pcs (RHSA-2026:8093)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8093 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denia...

Malicious Package

Overview @rexorg/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-115796

Malicious code in callback-request-server-node-config npm...

EUVD-2025-121982

Malicious code in sirius-config-npm-restart npm...

EUVD-2025-113539

Malicious code in forever-proxima-node-config-leda npm...

Malicious code in @zalastax/nolb-eslint-config-g (npm)

The package @zalastax/nolb-eslint-config-g was found to contain malicious code...

Malicious code in @zalastax/nolb-eslint-config-n (npm)

The package @zalastax/nolb-eslint-config-n was found to contain malicious code...

MAL-2025-9099 Malicious code in @marketing-tech/eslint-config (npm)

The package @marketing-tech/eslint-config was found to contain malicious code...

MAL-2025-7944 Malicious code in @frozen-team/eslint-config-qa (npm)

The package @frozen-team/eslint-config-qa was found to contain malicious code...

Malicious code in @fhnw/angular-app-configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 48cd6f8295f6741b9e52645ffbbb0792c303dc53b7371dbd456a13ea90d952a5 The OpenSSF Package Analysis project identified '@fhnw/angular-app-configuration' @ 1.0.4 npm as malicious. It is considered malicious because: ...

Malicious code in localization-configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 825c642696ea5f30780f48b909d4ab3e393a8e64c037249e775b138a1d2ac838 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the I/O Trace Tool (formerly NI-Spy) detection and analysis utility for applications within the System Configuration package allows a hacker to execute arbitrary code by causing an operation to go beyond the buffer boundaries in memory.

The vulnerability of the I/O Trace Tool formerly NI-Spy detection and analysis utility in the System Configuration package is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a attacker to execute arbitrary code using a specially...

CVE-2021-22646 Ovarro TBox Code Injection

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...

Confinit Input Validation Error Vulnerability

confinit is an application configuration package for Node.Js. Confinit is vulnerable to an input validation error. The vulnerability stems from a network system or product that does not properly validate input data. Detailed vulnerability details are not available at this time...

SD-WAN ERROR: Registry versions are not compatible so the Virtual WAN service cannot run. You must manually update the configuration

Unable to install a configuration package on a brand new branch appliance. Configuration package was created running version 9.3.3 Branch appliance is running version 9.1.1 from factory When installing the configuration package on the branch via LCM Local Change Management, the new configuration ...