1090 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in jenkins-forge-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3790 Malicious code in jenkins-forge-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in jenkins-forge-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3789 Malicious code in jenkins-forge-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview jenkins-forge-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
EUVD-2020-31214
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
CVE-2020-37168
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
Command Injection
Overview automagik-genie is a Self-evolving AI agent orchestration framework with Model Context Protocol support Affected versions of this package are vulnerable to Command Injection via the readTranscriptFromCommit function. An attacker can execute arbitrary system commands by supplying crafted...
EUVD-2026-29159
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
GHSA-64VR-4GR2-M642 automagik-genie has a command injection vulnerability
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
@senoldogann/code-companion (>=0.1.38 <=0.1.56), @treeseed/agent (>=0.8.5 <=0.10.0) +6 more potentially affected by CVE-2026-45033 via @github/copilot (>=1.0.27 <=1.0.40)
@github/copilot NPM version =1.0.27, =0.1.38, =0.8.5, =0.6.0, =0.6.1, =0.6.8, =1.0.0, =2.0.0 - @vibe-forge/client =1.0.0 - bitbucket-copilot-pr-review =0.5.1 Source cves: CVE-2026-45033 Source advisory: SNYK:JS-GITHUBCOPILOT-16642141...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
CVE-2026-30635
CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...