MAL-2026-6509 Malicious code in @merceas/anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a51319de26245ad91c68a6a6d0713454112443e55f466711e79eb1a23a45b8 Package is published as @merceas/anchor but its README, homepage https://github.com/coral-xyz/anchorreadme, repository, and source are a verbatim cop...

Malicious code in @merceas/anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a51319de26245ad91c68a6a6d0713454112443e55f466711e79eb1a23a45b8 Package is published as @merceas/anchor but its README, homepage https://github.com/coral-xyz/anchorreadme, repository, and source are a verbatim cop...

Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

MAL-2026-6512 Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

ExpressUpdate Agent for Windows improper access restriction on its named pipe

Overview ExpressUpdate Agent for Windows provided by NEC Corporation is the software module for NEC server products, to support remote management of installed software. ExpressUpdate Agent for Windows configures its named pipe with an improper access restriction. Exposed IOCTL with Insufficient...

Malicious Package

Overview vxui-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in tw-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0af16d76f3fa788874c372ddcf606db1ee997f80329274dca8049e9638221318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6508 Malicious code in tw-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0af16d76f3fa788874c372ddcf606db1ee997f80329274dca8049e9638221318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview tw-style-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

Malicious code in pino-zod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d57b4e49a62a8ca174c6c14820e5b101d042e3aea94438df19f9b12286a7cf30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pump-stream-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75034d3c53f657ffc5e0f43c2624e56ae27b9f21c52c17e7d46546223839787c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pump-laserstream-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fb903c9973dccd215784f31fb196f88a80e863d1de9e3555c1c1ba2b2af09d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6505 Malicious code in pino-zod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d57b4e49a62a8ca174c6c14820e5b101d042e3aea94438df19f9b12286a7cf30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6507 Malicious code in pump-stream-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75034d3c53f657ffc5e0f43c2624e56ae27b9f21c52c17e7d46546223839787c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6506 Malicious code in pump-laserstream-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fb903c9973dccd215784f31fb196f88a80e863d1de9e3555c1c1ba2b2af09d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview pump-laserstream-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview pino-zod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview zod-pino is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview pump-stream-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...