311862 matches found
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
CVE-2026-42994 concerns Bitwarden CLI 2026.4.0 (released around 2026-04-22) when obtained from npm, which reportedly contained embedded malicious code as part of a Checkmarx supply chain incident. Public documents identify the affected software and the malicious supply chain context, but do not p...
PT-2026-36295
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
Bitwarden CLI 操作系统命令注入漏洞
Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...
Malicious code in renderctx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7c668f58ae62e49c301d2e437e96818f41e221768509cfb4cf80b9800b5adf5a Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...
Malicious code in intercom-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...
MAL-2026-3204 Malicious code in intercom-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...
MAL-2026-3205 Malicious code in doisomgcxog (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78d6a043bbe150c65e0a3e7e56c69f1ff32171b70a684d512c87a2bfe0baf0b5 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3202 Malicious code in eslint-plugin-skyscanner-dates (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3305 Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
Malicious code in tanstack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7028347dbae61f876b9cca30a5d444da26b4ceab8364f00f8f2be35ff6baa2c4 The package tanstack was found to contain malicious code. Source: ghsa-malware a87082b3e2d555f184ce24de123d5e2d03b84521e22903e21e17d0222ab4b5e9 Any...
Embedded Malicious Code
Overview tanstack is a TanStack Player — A developer-first, universal Video Player SDK built on Video.js with headless hooks, plugin architecture, and React-first DX Affected versions of this package are vulnerable to Embedded Malicious Code that exfiltrates environment variables from developers'...
MAL-2026-3190 Malicious code in tanstack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7028347dbae61f876b9cca30a5d444da26b4ceab8364f00f8f2be35ff6baa2c4 The package tanstack was found to contain malicious code. Source: ghsa-malware a87082b3e2d555f184ce24de123d5e2d03b84521e22903e21e17d0222ab4b5e9 Any...
MAL-2026-3183 Malicious code in @breezeai-frontend/cargo-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3184 Malicious code in @breezeai-frontend/tailwind-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in gcp-internal-research-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9241eea1246719d57b428f64fd5138ae386fcf285aadd32a0a2ece3a8926b588 The package gcp-internal-research-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-infra-escape-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-user-hunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3168 Malicious code in apple-internal-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ae120f182e305f15d778dfe594aa3f79076b93b5bd4be77f293fdf08c5e12a The package apple-internal-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3173 Malicious code in gcp-internal-research-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9241eea1246719d57b428f64fd5138ae386fcf285aadd32a0a2ece3a8926b588 The package gcp-internal-research-poc was found to contain malicious code. Source: ghsa-malware...