18 matches found
MAL-2026-4577 Malicious code in harness-skil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js, wired to an npm install lifecycle hook, requires child_process, fs, and https, then issues an https.get to a...
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and...
CVE-2026-30824
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-05 21:31:50+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5f53-522j-j454 |
| 2026-04-15 07:09:15+00:00 | confirmed | ... |
CVE-2019-15823
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-07 10:48:00+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-15823.yaml |
| 2026-01-08 21:03:11+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mbwuxxqv5h2t... |
CVE-2021-33829
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-17 07:54:34+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-33829.yaml |
| 2025-12-18 21:03:03+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mac36lna2n2f... |
CVE-2025-66401
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...
PT-2025-48575
Name of the Vulnerable Software and Affected Versions: MCP Watch versions 0.1.2 and earlier. Description: MCP Watch, a security scanner for Model Context Protocol (MCP) servers, contains a Command Injection issue in the cloneRepo method of the MCPScanner class. The application directly passes the...
CVE-2023-3169
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-10 11:36:55+00:00 | exploited | https://t.me/itsecnews/3432 |
| 2023-10-11 15:16:39+00:00 | exploited | https://t.me/KomunitiSiber/919 |
| 2023-10-11 15:30:02+00:00 | seen | Telegram/ReJUj7XL5RTCHl48Ln6hOhYIjbpjNlCtusbs47L9aTPiow |
| 2025-09-23 20:09:27+00:00 | ... | |
CVE-2022-4223
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-13 18:27:55+00:00 | seen | https://t.me/cibsecurity/54425 |
| 2026-01-22 00:26:29+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-4223.yaml |
| 2026-01-23 21:03:00+00:00 | seen | ... |
java-1.8.0-openjdk security, bug fix, and enhancement update
1.8.0.342.b07-1.0.1
- Replace upstream references Orabug: 34340145
1:1.8.0.342.b07-1
- Update to shenandoah-jdk8u342-b07
- Update release notes for shenandoah-8u342-b07.
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with...
java-11-openjdk security, bug fix, and enhancement update
1:11.0.16.0.8-1.0.1
- Replace upstream references Orabug: 34340155
1:11.0.16.0.8-1
- Update to jdk-11.0.16+8
- Update release notes to 11.0.16+8
- Use same tarball naming style as java-17-openjdk and java-latest-openjdk
- Drop JDK-8257794 patch now upstreamed
- Print release file during build,...
java-11-openjdk security, bug fix, and enhancement update
1:11.0.16.0.8-1
- Update to jdk-11.0.16+8
- Update release notes to 11.0.16+8
- Use same tarball naming style as java-17-openjdk and java-latest-openjdk
- Drop JDK-8257794 patch now upstreamed
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Updat...
Sifchain: Found a URL in source code which was disclosing different juicy information like IP addresses and available endpoints
Summary: I found a link on the " https://github.com/Sifchain/sifnode/blob/develop/deploy/rake/cluster.rake" page which was exposing IP addresses and different endpoints which could be misused by hackers. Link Is=https://rpc.sifchain.finance/ Steps To Reproduce: 1. Visit https://rpc.sifchain.finance/...
Mapplic and Mapplic Lite - SSRF to Stored Cross-Site Scripting (XSS)
The Mapplic Lite alert/XSS/...
WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting Vulnerability
Title : Mapplic-Lite WordPress Plugin Stored XSS Injection via SSRF
Author : Eagle Eye
Download : https://wordpress.org/plugins/mapplic-lite/
Vendor Homepage : https://mapplic.com/
Version Affected : Version 1.0
Tested on : Google Chrome
XSS Vuln from add/edit Map and bypass with host...
Regular Expression Denial Of Service (ReDoS)
github-url-to-object is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is possible because the regular expressions used for the repoUrl path do not filter the string inputs. A malicious user could send crafted requests using this flaw that cause the system to cras...
Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780
Check for the Version of nodejs-github-url-from-git OpenVAS Vulnerability Test Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...