MAL-2026-5063 Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview customerdigital-service-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview paychex-common-vendor-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview customerdigital-ui-containers-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

USN-8346-1: Texmaker vulnerabilities

It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

MAL-2026-4822 Malicious code in loadtest-browser-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 934a61b207f82f8549de09139a73a80f47746bba1dacd21f657d34e6e542324e On npm install, the package's preinstall hook executes index.js, which collects host identifiers hostname, username, platform, arch, cwd, pid,...

Malicious Package

Overview pdf-lib-enhanced is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4799 Malicious code in pdf-lib-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4da0334724e86909030ba354dab57e4c522c139a925d3ec06559541179c562e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pdf-lib-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4da0334724e86909030ba354dab57e4c522c139a925d3ec06559541179c562e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-25104

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability...

CVE-2026-25104

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability...

Malicious Package

Overview ts-big-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2026-4324 Malicious code in ts-big-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9e88287cb64881d3f8f2e1705d8984d54c0a3147cb3740660afca913064042a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

dovecot: Fix of 2 CVEs

CVE-2026-42006: lib-imap: fix listcountlimit to actually count open '' instead of close '', preventing an imap-login memory-exhaustion DoS that bypassed the CVE-2026-27857 fix...

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

Astra Linux - уязвимость в ntfs-3g

An invalid return code in fusekernmount allows for intercepting the libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize The step variable is initialized to zero. It is changed during the loop; however, if it isn’t changed, it will remain zero. Add a variable check before the...

Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0alpha1 through 10.0.0.beta2, and 11.0.0alpha1 through 11.0.0.beta2O, on Unix-like systems, the system’s temporary directory is shared among all users on that system. A collocated user can observe the process of creating a temporary...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

A issue was discovered in lib/kobject.c in the Linux kernel before version 6.2.3. With root access, an attacker can trigger a race condition that results in an out-of-bounds write of the fillkobjpath variable...

Malicious code in paysafe-gbp-virtual-assistant-lib-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 940faf3ecfa6ee3c09c995a5f124d4a3b53bf2e2e5eaccea8156ce7bd25494eb The package paysafe-gbp-virtual-assistant-lib-fe was found to contain malicious code. Source: ossf-package-analysis...