588874 matches found
Vulnerabilities present in Adobe Acrobat Reader
Adobe has identified vulnerabilities in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier versions. These vulnerabilities include an out-of-bounds write vulnerability and multiple Use After Free errors. These errors occur when processing certain malformed or maliciously...
Vulnerabilities managed in Ivanti Endpoint Manager Mobile
Ivanti has identified several vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities include an OS command injection vulnerability, where a remote attacker can execute arbitrary operating system commands with root privileges. Additionally, there is a vulnerability due to incorre...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
MAL-2026-5607 Malicious code in chai-net-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...
Malicious code in chai-net-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...
Malicious code in tailwind-animator-scroll (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...
Malicious code in tailwind-typography-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...
MAL-2026-5619 Malicious code in tailwind-typography-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...
Malicious code in claimora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...
MAL-2026-5608 Malicious code in claimora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...
Malicious code in cache-section-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...
Malicious code in chai-as-victimed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...
MAL-2026-5605 Malicious code in chai-as-victimed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...
MAL-2026-5606 Malicious code in chai-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...
Malicious code in chai-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...
CVE-2026-41699
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...
CVE-2026-10795
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...
Malicious code in 0x2ai-multi-mq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d056f067b0af2084bd7777fcdb2ae6e2c06bb67f40929ba9900b5aa9cb83649 When the documented invocation npx 0x2ai-multi-mq is run, bin/start.cjs copies chatroom-mcp-lite-patched.cjs and chatroom-monitor.cjs into the user's...
Malicious code in 0x2ai-multi-q (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e305b12731a6b73c8982935753b52febfa90626f5a75f6942ca154aa708594b6 Running npx 0x2ai-multi-q the package's documented invocation spawns claude --dangerously-skip-permissions and writes a .mcp.json into the user's...
MAL-2026-5601 Malicious code in 0x2ai-multi-q (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e305b12731a6b73c8982935753b52febfa90626f5a75f6942ca154aa708594b6 Running npx 0x2ai-multi-q the package's documented invocation spawns claude --dangerously-skip-permissions and writes a .mcp.json into the user's...