109 matches found
Malicious code in @antv/event-emitter (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +1587 more potentially affected by unknown CVE via @antv/event-emitter (=0.1.3)
@antv/event-emitter NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/event-emitter and may be impacted: - 1byte-react-design =1.7.1, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.9, =0.1.2, =1.1.43, =0.9.1, =5.0.48, =1.0.1, =1.1....
MAL-2026-3879 Malicious code in @antv/event-emitter (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Alibaba Cloud Linux 3 : 0073: perl-YAML-Syck (ALINUX3-SA-2026:0073)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0073 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4177: YAML::Syck versions through 1.36 for...
MAL-2026-2914 Malicious code in modern-events (npm)
modern-events is a malicious npm package that, when imported and the function EventEmitter.emit... in file events.js is used, exfiltrates local system information via Telegram and Slack and downloads a backdoor Win64/FaxedCook to C:/ProgramData/Policy/PublisherPolicy.tms.
RLSA-2026:6470 Important: perl-YAML-Syck security update
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around. Security Fixes: perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential...
perl-YAML-Syck security update
An update is available for perl-YAML-Syck. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This module provides a Perl interface to the libsyck data serializatio...
RockyLinux 8 : perl-YAML-Syck (RLSA-2026:6470)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6470 advisory. perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAM...
MiracleLinux 8 : perl-YAML-Syck-1.30-6.el8_10 (AXSA:2026-405:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-405:01 advisory. perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the...
perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
Multiple security issues have been discovered in the perl YAML::Syck module. A heap overflow occurs when class names exceed the initial 512-byte allocation. A base64 decoder could read past the buffer end on trailing newlines. strtok mutated n-typeid in place, corrupting shared node data, and a...
Important: Red Hat Security Advisory: perl-YAML-Syck security update
An update for perl-YAML-Syck is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Fedora: Security Advisory (FEDORA-2026-3572f7e01c)
The remote host is missing an update for the...
Updated perl-YAML-Syck packages fix security vulnerabilities
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. CVE-2026-4177...
CVE-2026-4177
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on...
CVE-2026-4177 YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on...
YAML::Syck security vulnerability
YAML::Syck is a Perl library open sourced by CPAN authors. Versions of YAML::Syck prior to 1.36 contained security vulnerabilities. These vulnerabilities were due to issues with the YAML emitter, such as heap buffer overflows, which could lead to memory corruption or information leaks...
CVE-2026-3392
FascinatedBox lily up to 2.3 is affected by CVE-2026-3392. The flaw lies in the eval_tree function of src/lily_emitter.c, where manipulation leads to a null pointer dereference. Exploitation is restricted to local execution, and a public exploit has been made available. The project was informed v...
CVE-2026-3392
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...
CVE-2026-3392 FascinatedBox lily lily_emitter.c eval_tree null pointer dereference
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...
CVE-2026-3391
CVE-2026-3391 affects FascinatedBox lily up to version 2.3. The vulnerability is in the function clear_storages in src/lily_emitter.c and results in an out-of-bounds read. Exploitation requires local access, and public proof-of-concept/exploit code exists. The issue was disclosed via an issue rep...