Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

dzbanek-langflow-base (>=0.6.0 <=0.6.1), langflow-base (>=0.7.0 <=0.8.0rc2) +1 more potentially affected by CVE-2026-7687 via lfx (>=0.1.13 <=0.3.4)

lfx PYPI version =0.1.13, =0.6.0, =0.7.0, =0.8.0rc2 - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-7687 Source advisory: SNYK:PYTHON-LFX-16479355...

@13w/local-rag (=2.0.0), @amodalai/cli (>=0.1.0 <=0.1.1) +29 more potentially affected by unknown CVE via @google/gemini-cli (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e)

@google/gemini-cli NPM version =0.11.3, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.0.17, =0.6.4, =0.0.1, =1.3.0, =1.0.0, =2.0.0 - @vibe-forge/client =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-GOOGLEGEMINICLI-16301693...

PT-2026-34552

CVE-2026-30623 vulnerability via Anthropic's MCP SDK has been fixed since v1.83.6-nightly. Please refer to our blog post for more details. https://t.co/ImGk2mGYug...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6598 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6598 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110822...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6599 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6599 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110821...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6596 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110820...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6596 Source advisory: OSV:GHSA-VVFC-FP59-M92G...

Fedora 42 : cef (2026-6188cc51be)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6188cc51be advisory. Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164 High CVE-2026-4673: Heap buffer overflow in WebAudio High CVE-2026-4674: Out of bounds read...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2026-34589 via openexr (>=3.4.11 <=3.4.4)

openexr PYPI version =3.4.11, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34589 Source advisory: SNYK:PYTHON-OPENEXR-15993179...

Exploit for OS Command Injection in Cacti

CVE-2022-46169 Reproduction Template Project Structure -...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33873 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33873 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15812241...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5027 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5027 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15842030...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5022 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5022 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15840036...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5026 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5026 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15814086...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5025 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5025 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15813866...

CVE-2026-30976

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

EUVD-2026-15992

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

PT-2026-28129

Name of the Vulnerable Software and Affected Versions Sonarr versions prior to 4.0.16.2942 Description Sonarr is a PVR for Usenet and BitTorrent users. A flaw exists where authentication could be bypassed in versions with authentication disabled for local addresses Authentication Required set to:...

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33484 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33484 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15746998...