4293 matches found
Malicious code in klaudius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
MAL-2026-4593 Malicious code in klaudius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
MAL-2026-4601 Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
Malicious code in @zesyn/zeditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thereby receivi...
Astra Linux - уязвимость в firefox, thunderbird
Cross-Site Tracing occurs when a server echoes a request back using the Trace method, allowing an XSS attack to access authorization headers and cookies that are inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers imposed restrictions on fetch and...
Astra Linux - уязвимость в ansible
A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/error value; ...
Astra Linux - уязвимость в linux-5.15
A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...
Astra Linux - уязвимость в firefox
The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Malicious code in react-tracked-tony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eeb24dfdd4a970dc44c017056c2a39bed6aa5973a7ec7e94b20c70d90114726c react-tracked-tony impersonates the popular react-tracked package: package.json sets name: react-tracked-tony, author: Daishi Kato, and homepage:...
Malicious code in promptbook-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...
MAL-2026-4648 Malicious code in promptbook-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...
Malicious code in promptbook-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...
MAL-2026-4649 Malicious code in promptbook-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...
Malicious code in @wengine-ai/claude-code-router-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...
MAL-2026-4468 Malicious code in @wengine-ai/claude-code-router-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...