Bastillion command injection vulnerability

Bastillion is an open-source key management tool developed by bastillion-io. Versions of Bastillion 4.0.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from incorrect operations on the System Management Module component in the file...

@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @aligent/auth-module (=1.0.1) +1 more potentially affected by CVE-2026-23735 via graphql-modules (>=2.3.0 <=2.4.0)

graphql-modules NPM version =2.3.0, =0.0.0, =1.0.7, =1.0.9 Source cves: CVE-2026-23735 Source advisory: OSV:GHSA-53WG-R69P-V3R7...

CVE-2025-48647

In cpmfwtpmsghandler of cpm/google/lib/tracepoint/cpmfwtpipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-24531

In OpenSC pampkcs11 before 0.6.13, pamsmauthenticate wrongly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

Malicious Package

Overview sd-cip-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview sd-conversation-history-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview sd-pdc-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Exploit for CVE-2024-50050

--- 💀 LlamaStack-RCE: CVE-2024-50050 Supply Chain Exploitatio...

OESA-2026-1071 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the...

OESA-2026-1069 fluidsynth security update

FluidSynth is a free software synthesizer. Its currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use...

SUSE CVE-2018-3750

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

MAL-2026-305 Malicious code in sd-ccp-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 767cf50a9b0a16fd39e9fbbf533657ccbafe4120cb01d2c6da4c9fedc2cb342e The package sd-ccp-module-client was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3058

Malicious code in sd-agent-toolbar-module-client npm...

Malicious code in sd-pdc-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed2d91fb4db4325ed4d7b78f02cb681cc3ce2a9b5de740755a4fb868780d75f The package sd-pdc-module-client was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3053

Malicious code in sd-pdc-module-client npm...

Malicious code in sd-active-conversation-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 278082132569830ff8cb8dd522f0e5284296ea09a1eebfbebffd95656cfe9c63 The package sd-active-conversation-module-client was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3056

Malicious code in sd-cip-module-client npm...

Malicious code in sd-navbar-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff5eb5c5baa5e482655961b2dd4ced29ff771428c5870106e0a30cc916913908 The package sd-navbar-module-client was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3059

Malicious code in sd-active-conversation-module-client npm...

EUVD-2026-3055

Malicious code in sd-conversation-history-module-client npm...