Lucene search

32 matches found

Tenable Nessus
added 2026/06/13 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or trunca...

7.6 CVSS | 6.2 AI score | 0.00268 EPSS
Exploits 1 | References 3

OSV
added 2026/06/12 9:16 p.m. | 9 views

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.1 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits 1 | References 1

Vulnrichment
added 2026/06/12 8:6 p.m. | 6 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6 CVSS | 5.6 AI score | 0.00268 EPSS
Exploits 1 | References 1

Cvelist
added 2026/06/12 8:6 p.m. | 28 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6 CVSS | 0.00268 EPSS
Exploits 1 | References 1

CVE
added 2026/06/12 8:6 p.m. | 12 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits 1 | References 1 | Affected Software 1

Debian CVE
added 2026/06/12 8:6 p.m. | 10 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits 1

OSSF Malicious Packages
added 2026/05/19 12:0 a.m. | 18 views

Malicious code in @antv/x6-plugin-dnd (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0 | References 5

vulnersOsv
added 2026/05/18 9:0 p.m. | 15 views

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/x6-plugin-stencil (>=2.1.4 <=2.1.5) +104 more potentially affected by unknown CVE via @antv/x6-plugin-dnd (>=2.0.4 <=2.1.1)

@antv/x6-plugin-dnd NPM version =2.0.4, =1.0.0, =2.1.4, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.7.0, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.3.24 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINDND-16754385...

5.5 AI score
Exploits 0

OSSF Malicious Packages
added 2026/04/30 5:41 a.m. | 4 views

Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

5.2 AI score
Exploits 0

OSV
added 2026/04/30 5:41 a.m. | 5 views

MAL-2026-3196 Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits 0

OSSF Malicious Packages
added 2026/02/03 2:23 a.m. | 8 views

Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits 0 | References 1

Snyk
added 2026/02/03 2:23 a.m. | 3 views

Malicious Package

Overview react-dnd-legacy-html5-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8 CVSS | 5.4 AI score
Exploits 0 | References 2

OSV
added 2026/02/03 2:23 a.m. | 3 views

MAL-2026-657 Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:45 a.m. | 6 views

CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue...

5.4 CVSS | 5.7 AI score | 0.13575 EPSS
Exploits 2 | References 1

Snyk
added 2025/10/17 12:40 a.m. | 5 views

Malicious Package

Overview react-dnd-html5-backend-14 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2

OSV
added 2025/10/06 6:5 a.m. | 5 views

MAL-2025-48394 Malicious code in react-dnd-html5-backend-14 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5cd4573cfbc13b9582d1e56e4560f4e7582760f20173d068752a8d25b97c91 Any computer that has this package installed or running should be considered...

7 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m. | 5 views

Malicious code in react-dnd-examples-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f27f948b94d42e5b3e647bbd7de8b0de5848226545b127edd6d08740ec8384aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSV
added 2022/06/20 8:14 p.m. | 8 views

MAL-2022-5639 Malicious code in react-dnd-examples-decorators (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b335bf9dc6443f555a9a3ebeeadd7bebecedee805e6bf3c7d0eb551895a34647 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m. | 6 views

Malicious code in react-dnd-examples-decorators (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b335bf9dc6443f555a9a3ebeeadd7bebecedee805e6bf3c7d0eb551895a34647 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2022/06/20 8:13 p.m. | 3 views

Malicious code in cross.project.dnd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff9d9c3f7ecfa58a798c74faa13cee022940ba6fa48a4aa293b870efe8de57c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1