2459978 matches found
MAL-2026-6503 Malicious code in js-price-client-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...
CVE-2026-8797
CVE-2026-8797 describes an access control deficiency in the Windows component of ExpressUpdate Agent. If an attacker can gain access to the product, arbitrary code could be executed with SYSTEM privileges. The CVSS 4.0 base score is 8.5 (HIGH), with LOCAL attack vector, low attack complexity, and...
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
EUVD-2026-39623
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
MAL-2026-6502 Malicious code in js-client-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341a29bc48b39d363662fe66dcf13ca9bc3db921cdae84e53b070fc7b3a935a2 package.json declares a postinstall hook node dist/postinstall.js that runs automatically on npm install. The hook invokes prices in dist/index.js,...
Malicious code in js-client-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341a29bc48b39d363662fe66dcf13ca9bc3db921cdae84e53b070fc7b3a935a2 package.json declares a postinstall hook node dist/postinstall.js that runs automatically on npm install. The hook invokes prices in dist/index.js,...
perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Malicious Package
Overview ref-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview ts-opus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in dttfdsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
MAL-2026-6498 Malicious code in dttfdsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
Malicious code in chai-as-synced (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bc0ee3e6a8341e046b84880f9faf0a4750f4a261a791b95d1267066d7828071 Package name 'chai-as-synced' impersonates the well-known 'chai-as-promised'. On require, index.js spawns a detached, stdio-ignored Node child runnin...
MAL-2026-6497 Malicious code in chai-as-synced (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bc0ee3e6a8341e046b84880f9faf0a4750f4a261a791b95d1267066d7828071 Package name 'chai-as-synced' impersonates the well-known 'chai-as-promised'. On require, index.js spawns a detached, stdio-ignored Node child runnin...
SUSE CVE-2026-13201
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...
Malicious code in set-cookie-ease (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2bf656ba38b4d951239ee29799f510de4a8cb93fcf5d8005db4cd679a8631e6 Package masquerades as js-cookie same banner /! js-cookie v3.0.5 | MIT /, README, and repository.url: git://github.com/js-cookie/js-cookie.git but...
MAL-2026-6500 Malicious code in set-cookie-ease (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2bf656ba38b4d951239ee29799f510de4a8cb93fcf5d8005db4cd679a8631e6 Package masquerades as js-cookie same banner /! js-cookie v3.0.5 | MIT /, README, and repository.url: git://github.com/js-cookie/js-cookie.git but...
Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...