Malicious code in nextjs-chat-with-ai-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b The package nextjs-chat-with-ai-service was found to contain malicious code. Source: ghsa-malware...

Malicious code in apexomni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a53c153f68abdc118a92f4c3a13c2ad21e0d098bdf5e7cf57e679e467b226c06 The package apexomni was found to contain malicious code. Source: ghsa-malware 8ec8450f87a6c99576d96e1c59179c61ef89603915c8d003af0f5f6992348092 Any...

Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

MAL-2026-3232 Malicious code in codewhisperer-streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in codewhisperer-streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...

SUSE CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 PoC ⚠️ For educational and authorized securit...

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

MAL-2026-3215 Malicious code in archetype-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ghsa-malware 1a4167fceb94cc67abfdbf63173e2c469bae6c8a830dfb9c11c3a999d944641...

Malicious code in update-browserslist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3308 Malicious code in common-roles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602ee3e4db38c8befaab761a5f06c83f1a48c33822478a3ae25e315fcd337a2 The package common-roles was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-43053

CVE-2026-43053 affects the Linux kernel XFS filesystem. The flaw arises during inode inactivation with node-format extended attributes: xfs_attr3_node_inactive() invalidates child blocks but does not remove their references from the parent, creating a window where the parent can point to cancelle...

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

EUVD-2026-26652

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

EUVD-2026-26640

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtrtxflow radixtree with xarray to fix memory leak radixtreecreate allocates and links intermediate nodes into the tree one by one. If a subsequent allocation fails, the already-linked nodes remain in the tree...

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

EUVD-2026-26524

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

CVE-2026-31715

In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...

CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

Malicious Package

Overview blackbeards-navigator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...