4122 matches found
MAL-2026-4445 Malicious code in @signetai/signet-memory-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16e55a5379336a0ab822ee9fe70b20023e452595f41cfe2624464aadb73d390 On plugin load, register invokes installFetchSanitizer dist/index.js:14420-14463 which monkey-patches globalThis.fetch. For requests to...
MAL-2026-4360 Malicious code in @aledan007/tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439 The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...
Malicious code in @aledan007/tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439 The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...
MAL-2026-4372 Malicious code in @budetzz/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...
Malicious code in @spcsn/taro-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...
MAL-2026-4447 Malicious code in @spcsn/taro-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...
MAL-2026-4593 Malicious code in klaudius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
Malicious code in klaudius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
MAL-2026-4601 Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
Malicious code in @zesyn/zeditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
Astra Linux - уязвимость в nodejs
A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability arises from the fact that the fetch function in Node.js always decodes Brotli, enablin...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Wifi: libertas – Fixed a possible reference count leak in ifusbprobe. The function usbgetdev will be called before lbsgetfirmwareasync. This means that the function usbputdev must be called when lbsgetfirmwareasync fails...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/edid: fixed an issue where information was leaked when attempting to obtain the panel ID. Be sure to clear the transfer buffer before retrieving the EDID, to avoid leaking slab data into logs in case of errors where the...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: qca: fixed an issue where information was leaked when fetching the fw build id. Added missing sanity checks and moved the 255-byte build-id buffer off the stack to prevent the leakage of stack data through debugfs, ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: Fixed an invalid entry fetch in ath12kdpmonsrngprocess. Currently, ath12kdpmonsrngprocess uses ath12khalsrngsrcgetnextentry to fetch the next entry from the destination ring. This is incorrect because...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в libonig
A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a buffer overflow issue based on the heap mechanism...