CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

Malicious code in metrics-probe-dc85 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...

Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...

MAL-2026-5990 Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...

Malicious code in params-valid-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...

MAL-2026-5988 Malicious code in params-valid-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...

Malicious code in tobihook (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c093ec7049ebbe26ca860033bc1fd81ad98f4f586b66fc68170e1ff81ae90bb The package masquerades as an HTTP helper functions named post/get/fetch, module comment ' request/init.py', and an unused requests dependency but ea...

MAL-2026-5989 Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

MAL-2026-5973 Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

SUSE CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-12466

Summary (CVE-2026-12466) : A heap buffer overflow in WebRTC within Google Chrome on Windows before version 149.0.7827.155 allows remote code execution via a crafted HTML page. Multiple connected sources corroborate the Windows/WebRTC/chrome vector and fixed version, signaling a high-severity Chro...

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-12462

CVE-2026-12462 is a use-after-free in the Media component of Google Chrome before 149.0.7827.155. An attacker who has compromised the renderer process could trigger a crafted HTML page to execute arbitrary code inside Chrome’s sandbox. The vulnerability is tied to the Chromium-based Media stack a...

CVE-2026-12447

CVE-2026-12447 affects Google Chrome/WebRTC (Chromium). The issue is a heap buffer overflow in WebRTC that allows remote code execution via a crafted HTML page, affecting builds prior to 149.0.7827.155. Impact is a sandbox escape/total compromise of the browser process, per the cited descriptions...

CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-12443

CVE-2026-12443 is a use-after-free in Chrome’s Web Authentication implementation that could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software: Google Chrome (Chromium). Underlying issue is in Web Authentication handling that leads to memory misuse. Impac...

CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12442

The CVE-2026-12442 entry describes a use-after-free in Passwords in Google Chrome on Android before version 149.0.7827.155, allowing a remote attacker to execute arbitrary code via a crafted HTML page (Chromium security severity: Critical). Connected sources confirm this vulnerability affects Chr...