Malicious Package

Overview pump-laserstream-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview zod-pino is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview pino-zod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview pump-stream-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview ttal2ttml is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview kdrive-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview analysis-chart is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview theme-color-picker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview package-uploader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-6511 Malicious code in hydanlabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint http://151.244.40.74:4000 controlled by the package author. Every request POSTs a...

Malicious code in hydanlabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint http://151.244.40.74:4000 controlled by the package author. Every request POSTs a...

[SECURITY] [DLA 4649-1] libdbi-perl security update

Debian LTS Advisory DLA-4649-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 26, 2026 https://wiki.debian.org/LTS Package : libdbi-perl Version : 1.643-3+deb11u1 CVE ID : CVE-2026-9698 CVE-2026-10879 Two vulnerabilities were discovered in libdbi-perl, the Pe...

Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

MAL-2026-6504 Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

Malicious code in js-price-client-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...

MAL-2026-6503 Malicious code in js-price-client-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...

CVE-2026-8797

CVE-2026-8797 describes an access control deficiency in the Windows component of ExpressUpdate Agent. If an attacker can gain access to the product, arbitrary code could be executed with SYSTEM privileges. The CVSS 4.0 base score is 8.5 (HIGH), with LOCAL attack vector, low attack complexity, and...

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...