Malicious Package

Overview mcp-dashboards-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Drop all currently held locks if a deadlock occurs. If vc4hdmiresetlink returns -EDEADLK, it means that a deadlock has occurred in the locking context. This issue should be addressed by dropping all currently held locks...

Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

Malicious Package

Overview apple-coredata-internal-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free in smb2queryinfocompound The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options “multichannel, maxChannels=2,...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac: A check on the count value of channel specifications is added to prevent out-of-bounds reads. This patch fixes out-of-bounds reads in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

EUVD-2026-26802

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

PT-2026-32285

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-6129 zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The...

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

PT-2026-29327

Name of the Vulnerable Software and Affected Versions SourceCodester Leave Application System version 1.0 Description A file inclusion issue exists in SourceCodester Leave Application System. Exploitation involves manipulating the page argument, potentially allowing for remote code execution. The...

GHSA-MF92-479X-3373 vulnerabilities

Vulnerabilities for packages: jenkins, apache-nifi, apache-nifi-registry, thingsboard...

CVE-2026-23358 drm/amdgpu: Fix error handling in slot reset

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for error handling. There it could make decision based on uninitialized hive pointer and could result i...

Malicious Package

Overview n8n-nodes-text-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-1317 Malicious code in @augmentor/experiences (npm)

Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4067e28e3de3f031541a3e624d8d21dc75777b65b83ab8aa4fd09bfd52038968 The package @augmentor/experiences was fou...

MAL-2026-1259 Malicious code in pino-sdk-v2 (npm)

Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...

Malicious Package

Overview asdasssd-hello-world is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-8MF7-VV8W-HJR2...

`polymarket-clients-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...