
68 matches found

OSSF Malicious Packages
added 2026/06/15 8:8 p.m., 10 views

Malicious code in index-ulid (npm)

Source: amazon-inspector 5acad250c58c9c27804a14b640d17438998fbaabd43b77c69008c7180014f361 index-ulid impersonates the legitimate ulid/ulidx ULID generator reuses ulid's description and links its homepage to github.com/ulid/javascript but i...

AI score: 5.5
Exploits: 0, References: 3
Vulnrichment
added 2026/06/12 10:2 p.m., 6 views

CVE-2025-7003 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00131
Exploits: 0, References: 1
Positive Technologies
added 2026/06/12 12:0 a.m., 10 views

PT-2026-49046

Name of the Vulnerable Software and Affected Versions: Avira Antivirus versions prior to 8.3.70.104. Description: A heap buffer out-of-bounds write occurs due to an integer overflow in the antivirus engine when scanning a malformed MS-DOS executable file. This can lead to local execution of code or ...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00122
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/28 12:0 a.m., 11 views

Malicious code in @cloudplatform-single-spa/smk (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score: 5.8
Exploits: 0, References: 1
OSV
added 2026/05/28 12:0 a.m., 7 views

MAL-2026-4865 Malicious code in @car-loans/close-flow-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

AI score: 5.8
Exploits: 0, References: 1
Google Chrome Security Advisories
added 2026/05/12 12:0 a.m., 15 views

Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.167/168 for Windows/Mac and 148.0.7778.167 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards. Note: Access to bug details and links may be kept...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00498
Exploits: 0, Affected Software: 1
The Hacker News
added 2026/04/06 1:0 p.m., 4 views

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still...

AI score: 6
Exploits: 0
Google Chrome Security Advisories
added 2026/03/23 12:0 a.m., 20 views

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards. Note: Access to bug details and links may be kept...

CVSS: 8.8, AI score: 6, EPSS: 0.00504
Exploits: 0, Affected Software: 1
Google Chrome Security Advisories
added 2026/03/13 12:0 a.m., 22 views

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.80 for Windows/Mac and 146.0.7680.80 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards. Note: Access to bug details and links may be kept restricted...

CVSS: 8.8, AI score: 6.1, EPSS: 0.01629
Exploits: 1, Affected Software: 1
Google Chrome Security Advisories
added 2026/03/12 12:0 a.m., 10 views

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards. Updated 2026-03-13: The previous version of these notes...

CVSS: 8.8, AI score: 6.1, EPSS: 0.02082
Exploits: 0, Affected Software: 1
Cvelist
added 2026/03/05 3:30 p.m., 34 views

CVE-2026-30796 RustDesk Client Transmits Preset Address Book Password Verbatim in Heartbeat Sync

Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Address book sync, Heartbeat sync loop modules allows Sniffing Attacks. The client places the preset...

CVSS: 6.9, EPSS: 0.00168
Exploits: 1, References: 3
Google Chrome Security Advisories
added 2026/02/10 12:0 a.m., 16 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 145.0.7632.45 Linux 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

CVSS: 8.8, AI score: 5.9, EPSS: 0.08754
Exploits: 0, Affected Software: 1
RedhatCVE
added 2026/01/30 9:23 p.m., 5 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0042
Exploits: 0, References: 1
EUVD
added 2026/01/30 2:43 p.m., 5 views

EUVD-2026-4966

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...

CVSS: 6, AI score: 5.9, EPSS: 0.0042
Exploits: 0, References: 2
Snyk
added 2026/01/29 8:51 p.m., 6 views

Directory Traversal

Overview: Umbraco.Forms is a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...

CVSS: 6.5, AI score: 6.3, EPSS: 0.0042
Exploits: 0, References: 2
NVD
added 2026/01/29 8:16 p.m., 3 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS: 6.5, EPSS: 0.0042
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/29 7:57 p.m., 4 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS: 6, AI score: 5.9, EPSS: 0.0042
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/01/29 12:0 a.m., 7 views

PT-2026-5347

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS: 6, AI score: 5.9, EPSS: 0.0042
Exploits: 0, References: 2
Google Chrome Security Advisories
added 2025/12/16 12:0 a.m., 16 views

Stable Channel Update for Desktop

The Stable channel has been updated to 143.0.7499.146/.147 for Windows/Mac and 143.0.7499.146 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. 2025-12-12: Updated to include more details for bug number 466192044 Security Fixe...

CVSS: 8.8, AI score: 7, EPSS: 0.0281
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/12/03 7:38 p.m., 2 views

CVE-2025-12385 Improper validation of <img> tag size in Text component parser

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00263
Exploits: 0, References: 2