16030 matches found
Malicious code in @t-in-one/add_application_service_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5043 Malicious code in @t-in-one/prefill_transformers_data_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5040 Malicious code in @t-in-one/only_difference_payload (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5045 Malicious code in @t-in-one/safe_local_storage_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5046 Malicious code in @t-in-one/send_add_application (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5044 Malicious code in @t-in-one/restore_application_hid_from_storage (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5035 Malicious code in @t-in-one/add_application_service_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5038 Malicious code in @t-in-one/form_product_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
aiidalab (>=22.6.0 <=26.5.2), aiidalab-chemshell (>=0.0.1 <=0.1.1) +137 more potentially affected by CVE-2026-42563 via dulwich (>=0.24.1 <=1.0.0)
dulwich PYPI version =0.24.1, =22.6.0, =0.0.1, =0.1.0, =1.3.4, =0.12.0, =0.1.0, =0.2.0, =0.2.0, =0.2.1, =0.2.1, =0.1.0, =0.1.6 - artificial-detection =0.1.0 - attp =0.1.0a0 and more Source cves: CVE-2026-42563 Source advisory: OSV:GHSA-9277-MP7X-85JF...
aiidalab (>=22.6.0 <=26.5.2), aiidalab-chemshell (>=0.0.1 <=0.1.1) +137 more potentially affected by CVE-2026-42563 via dulwich (>=0.24.1 <=1.0.0)
dulwich PYPI version =0.24.1, =22.6.0, =0.0.1, =0.1.0, =1.3.4, =0.12.0, =0.1.0, =0.2.0, =0.2.0, =0.2.1, =0.2.1, =0.1.0, =0.1.6 - artificial-detection =0.1.0 - attp =0.1.0a0 and more Source cves: CVE-2026-42563 Source advisory: SNYK:PYTHON-DULWICH-17054926...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45078 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45078 Source advisory: OSV:PYSEC-2026-191...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45076 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45076 Source advisory: OSV:PYSEC-2026-194...
bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47759 via tinymce (>=8.0.2 <=8.2.2)
tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47759 Source advisory: SNYK:JS-TINYMCE-17056166...
@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47761 via tinymce (>=7.0.1 <=7.5.1)
tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47761 Source advisory: SNYK:JS-TINYMCE-17056137...
io.github.ezadmin126:ezadmin-common (>=3.0.0 <=3.1.1), io.github.ezadmin126:ezadmin-core (>=2.9.12 <=2.11.5) +6 more potentially affected by CVE-2026-47761 via org.webjars.npm:tinymce (>=5.10.7 <=6.8.6)
org.webjars.npm:tinymce MAVEN version =5.10.7, =3.0.0, =2.9.12, =3.0.3, =3.0.0, =5.1.0, =10.0.0, =1.0.2, =2.9.7, =2.9.9 Source cves: CVE-2026-47761 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-17056140...
@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47762 via tinymce (>=7.0.1 <=7.5.1)
tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47762 Source advisory: SNYK:JS-TINYMCE-17056141...
io.github.ezadmin126:ezadmin-common (>=3.0.0 <=3.1.1), io.github.ezadmin126:ezadmin-core (>=2.9.12 <=2.11.5) +6 more potentially affected by CVE-2026-47762 via org.webjars.npm:tinymce (>=5.10.7 <=6.8.6)
org.webjars.npm:tinymce MAVEN version =5.10.7, =3.0.0, =2.9.12, =3.0.3, =3.0.0, =5.1.0, =10.0.0, =1.0.2, =2.9.7, =2.9.9 Source cves: CVE-2026-47762 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-17056144...
5mghost-rover (>=0.0.1 <=0.0.3), ace-framework (>=0.6.0 <=0.7.3) +94 more potentially affected by CVE-2026-48735 via pypdf (>=6.0.0 <=6.11.0)
pypdf PYPI version =6.0.0, =0.0.1, =0.6.0, =0.1.0, =0.0.2, =0.1.0, =0.0.24, =1.45.0, =0.1.2, =0.0.1.dev0, =0.0.1, =0.0.2, =0.0.5 - autopattern =0.2.0 and more Source cves: CVE-2026-48735 Source advisory: SNYK:PYTHON-PYPDF-17054918...
360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1507 more potentially affected by CVE-2026-48522 via pyjwt (>=0.2.1 <=2.12.1)
pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48522 Source advisory: OSV:PYSEC-2026-175...
org.apache.artemis:apache-artemis (>=2.50.0 <=2.53.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.53.0) +1 more potentially affected by CVE-2026-40914 via org.apache.artemis:artemis-stomp-protocol (>=2.50.0 <=2.53.0)
org.apache.artemis:artemis-stomp-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.53.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-17116516...