Malicious code in hydanlabs (npm)
Source: amazon-inspector 92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint http://151.244.40.74:4000 controlled by the package author. Every request POSTs a...
MAL-2026-6511 Malicious code in hydanlabs (npm)
Source: amazon-inspector 92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint http://151.244.40.74:4000 controlled by the package author. Every request POSTs a...
[SECURITY] [DLA 4649-1] libdbi-perl security update
Debian LTS Advisory DLA-4649-1. https://www.debian.org/lts/security/ Guilhem Moulin. June 26, 2026. https://wiki.debian.org/LTS Package: libdbi-perl. Version: 1.643-3+deb11u1. CVE ID: CVE-2026-9698, CVE-2026-10879. Two vulnerabilities were discovered in libdbi-perl, the Pe...
Malicious code in openblox (PyPI)
Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...
MAL-2026-6504 Malicious code in openblox (PyPI)
Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...
Malicious code in js-price-client-node (npm)
Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...
MAL-2026-6503 Malicious code in js-price-client-node (npm)
Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
EUVD-2026-39623
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
CVE-2026-8797
CVE-2026-8797 describes an access control deficiency in the Windows component of ExpressUpdate Agent. If an attacker can gain access to the product, arbitrary code could be executed with SYSTEM privileges. The CVSS 4.0 base score is 8.5 (HIGH), with LOCAL attack vector, low attack complexity, and...
Malicious code in js-client-node (npm)
Source: amazon-inspector 341a29bc48b39d363662fe66dcf13ca9bc3db921cdae84e53b070fc7b3a935a2 package.json declares a postinstall hook node dist/postinstall.js that runs automatically on npm install. The hook invokes prices in dist/index.js,...
MAL-2026-6502 Malicious code in js-client-node (npm)
Source: amazon-inspector 341a29bc48b39d363662fe66dcf13ca9bc3db921cdae84e53b070fc7b3a935a2 package.json declares a postinstall hook node dist/postinstall.js that runs automatically on npm install. The hook invokes prices in dist/index.js,...
perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Malicious Package
Overview: ref-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: ts-opus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in dttfdsdee (npm)
Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
MAL-2026-6498 Malicious code in dttfdsdee (npm)
Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...