MAL-2026-3688 Malicious code in d4rktg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019 The library's sole authorization primitive, CustomFilters.authorize in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudousers list...

MAL-2026-3683 Malicious code in @dropout-ai/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

ELECOM WRC和ELECOM WAB 安全漏洞

ELECOM WRC and ELECOM WAB are products of the Japanese company ELECOM. ELECOM WRC is a home-use network camera. ELECOM WAB is a series of wireless access points. Both ELECOM WRC and ELECOM WAB have security vulnerabilities. These vulnerabilities stem from the use of hardcoded encryption keys to...

Malicious code in txwrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72b4db77d156fffbfdf3253cda39d73180fda419676d356fdbc217130c289549 During importing, the remote code is downloaded. It then exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new...

MAL-2026-3685 Malicious code in always-updates (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dee16a964c16035579f7be2f965a801f87876080603f389e1e75ec3073bd5c2c The package's sole advertised CLI aupd, registered as a consolescripts entry point to alwaysupdates.main:main executes...

Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

MAL-2026-3680 Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

EUVD-2026-29432

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

CVE-2026-33893

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

CVE-2026-33893

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

CVE-2026-33893

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

CVE-2026-33893

CVE-2026-33893 affects Siemens Teamcenter: V2312 < 2312.0014, V2406 < 2406.0012, V2412 < 2412.0009, V2506 < 2506.0005, and V2512

CVE-2026-33893

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

Malicious code in 88q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...

MAL-2026-3674 Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

MAL-2026-3694 Malicious code in mymaldependency (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...

Malicious code in 1mi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...