252601 matches found
Malicious code in apple-internal-security-poc-frank (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f171ab8af350f288bde3dca0a4c5741b840ed376b0022602322fd7b8b6341f The package apple-internal-security-poc-frank was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: cktool.core.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in apple-auth-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f287635d5bb4ba311de3a315d8b730e159dd7dee46e68896e94f07d1b4d91860 The package apple-auth-internal was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: cktool.config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: apple-internal-security-poc-frank is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
PT-2026-36920
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.8. Description: An authenticated user can access the 'GET /api/settings' endpoint to retrieve sensitive configuration values, such as node.secret. This secret is accepted by the AuthRequired function via the...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010840)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010840 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open Fix an issue in function...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013381)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013381 advisory. In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name when kmalloc fail to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011339)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011339 advisory. In the Linux kernel, the following vulnerability has been resolved: HSI: omap_ssi: Fix refcount leak in ssi_probe When returning or breaking early from a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011010)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011010 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix device_node use after free At probe time this code path is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006971)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006971 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platform_irqchip_probe of_irq_find_parent returns a node pointer with...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011349 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de Pde is erased from subdir rbtree through rb_erase, but not set...
PT-2026-34236
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model (LLM). An unauthenticated attacker can use prompt...
Follow Redirects Information Disclosure Vulnerability
Follow Redirects is an open-source Node.js module that automatically follows HTTP redirects. Versions of Follow Redirects prior to 1.16.0 had a vulnerability related to information leakage. This vulnerability occurred when HTTP requests followed cross-domain redirects, and only authorization, pro...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011237)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011237 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006931)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006931 advisory. In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe The break of for_each_available_child_of_nod...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011153)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011153 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platform_irqchip_probe of_irq_find_parent returns a node pointer with...
Embedded Malicious Code
Overview: pgserve is an Embedded PostgreSQL server with true concurrent connections - zero config, auto-provision databases. Affected versions of this package are vulnerable to Embedded Malicious Code that injects a credential-harvesting script that runs via postinstall on every npm install. It...
MAL-2026-2956 Malicious code in @serasa/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a5d7dc70207045632b443597fdca880203a20b38f5999520fe5c437ca65a496 The package @serasa/core was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @serasa/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a5d7dc70207045632b443597fdca880203a20b38f5999520fe5c437ca65a496 The package @serasa/core was found to contain malicious code. Source: ghsa-malware a4f77a3e4a851be714d9bf54f710ffa9244ea5b12e85a1341a61802b1655acfc A...