150702 matches found
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in libavfilter/vfcolorconstancy.c, specifically in the slicegetderivative function within fadegetderivative. This vulnerability may lead to memory corruption and other potential issues...
CVE-2026-47223
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...
ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.6)
org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321536...
@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +10 more potentially affected by CVE-2025-69263 via pnpm (>=0.21.0 <=10.18.3)
pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =0.1.0, =3.7.16, =2.3.0, =0.1.0, =0.2.7, =1.0.4, =1.0.7 Source cves: CVE-2025-69263 Source advisory: OSV:GHSA-7VHP-VF5G-R2FW...
Malicious code in webdriver-manager-parcel-innercore-redgiant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2f785d53eb57cf7662b6f998c6b059fc8dab31a64d5eb9fe8f614df352667b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in callback-xanthus-astrochemistry-quantum-computing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e74905ae15aeed1f45edc675826a313007486a970d1f7ff6229b2fcc6ec21d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in janus-robotics-optimize-css-assets-webpack-plugin-jovian (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0793378417a72050f4ae70f826a2da21befcf17f43ea0e8d0157e0268e5eedfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nova-quantum-protractor-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b35d5356afc081638f9e5562655901df31ef1d90eb6c13779454805d9ab8f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in less-pavo-restart-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a129e765e40e8dce28ab9e4ec2c9ad3d9c0771c06a7bc9dbd4186cb47a879e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tachyon-mesosphere-spinner-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gemini-gravity-xanadu-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef8b0e335c02e9e3202c8e0195d3bfd55501baef7ef0af424b6b5b8eb2310c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rocket-fomalhaut-sirius-kronos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344f2bc058eebc6954eb5e9126619426a4e49a9670f2df757ea7590314e6af3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fork-crust-filament-kardashevscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eacd2de681ec1c3e693bda71b1a50f3636b7bfc63e53f158913c115b5c5e658e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriverio-vuetify-antares-wezen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec458e52a9b2de78104cd2be4d4519b5b8c449a2cbcc9ea5ba651143ee5dc1e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-mocha-nightwatch-cosmiconfig-despina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de3cfc3b8c341c20b4e8af0757b87d8eb021f0af5c7c338267d8024659a8cd03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in taurus-mutation-izar-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c256602c1f7c8b93be5ed695597c57a40839d4299f5b8b8cbe4a4f17d74ed56c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-less-loader-jekyll-virgo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f459bf148cb91c899d7aac0403072e50f2ba7547640fe1ac3cebbc1d9607e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in native-rate-limiter-uninstall-regulus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38f83b9375b1dbb5616eb88f859c2dc6f2ddb8d31a21fdcdf96be69a301dd89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-manager-deneb-nconf-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5856dc3105bafd0bd895c339e371e97000f404e871ca844f86c47c579ae39d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-robotics-filament-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65dfde16dd768ac14d658dcc5d9aefd9d6e5e79e6df9a61fe8202c0c895d6480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...