287 matches found
Malicious code in atel-mcp-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...
Malicious code in authcascade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which a builds a data object containing the full process.env, OS...
MAL-2026-4491 Malicious code in authcascade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which a builds a data object containing the full process.env, OS...
Malicious code in wallet-agent-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb49d047eeab68307095cf3a30ff0d42d745855890f181e4cb53dc2f6903e91 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org used in a fetch/POST call near references to process.env. The...
Malicious code in pewter-constantstest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...
SUSE CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
Malicious code in @kyungseopk1m/holidays-kr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215 On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...
Malicious code in zest-product (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...
MAL-2026-4738 Malicious code in zest-product (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...
Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
MAL-2026-4399 Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
Malicious code in @gad360/apothem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f5e509ba6aa2f781391f03ff37ea8005440c1d1106391bdfa91abae06336ad3 The package's package.json declares a postinstall hook "postinstall": "node install.js" that runs install.js automatically on npm install. install.js...
Malicious code in @semacode/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...
MAL-2026-4434 Malicious code in @semacode/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...
Malicious code in use-context-selector-tony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...
Malicious code in promptbook-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...
MAL-2026-4648 Malicious code in promptbook-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...
Malicious code in promptbook-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...
MAL-2026-4649 Malicious code in promptbook-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...