MAL-2026-6068 Malicious code in swift-parse-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8561c6c561b045d817d4fab3aa0754ce7cd767a3c5ec07b95151dda6b92c8 swift-parse-stream advertises itself as an SVG sanitizer/minifier but ships an undocumented getPlugin export in index.js that, when invoked, performs...

Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

MAL-2026-6066 Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

Malicious code in react-ui-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...

Malicious code in fe-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...

MAL-2026-4561 Malicious code in fe-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...

Malicious code in tsliverhome (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0855b4d02a0d276e8a6cf97b7c62d457b8ef4d851e243d758c2308d451e0876e Package name 'tsliverhome' impersonates the widely-used 'tslib' package 300M weekly downloads. The shipped README.md is a verbatim copy of...

CVE-2024-54192

An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpeditdltgetplugin function at src/tcpedit/plugins/dltutils.c...

CVE-2024-54192

An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpeditdltgetplugin function at src/tcpedit/plugins/dltutils.c...

Appneta Tcpreplay 安全漏洞

Appneta Tcpreplay is an open-source utility developed by the American company Appneta, designed for editing and replaying network traffic on UNIX operating systems. Version 4.4.1 of Appneta Tcpreplay contains a security vulnerability. This vulnerability stems from improper handling of specially...

PT-2026-7271

An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit dlt getplugin function at src/tcpedit/plugins/dlt utils.c...