Malicious code in mailcraftjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...

MAL-2026-2943 Malicious code in turbo-he (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1da17bf1f37303e3d91056c1ce674462279861bc896e413f1d262548ff6b3647 The package turbo-he was found to contain malicious code. Source: ghsa-malware 6bd9985ec0cf97c08347814d88b84c1c12cd8f22507a76e2a78cacb06c6840a6 Any...

MAL-2026-2940 Malicious code in mailcraftjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...

MAL-2026-2944 Malicious code in turbo-leven (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0903aeeee8de9f8d0b7bae616fb57ef1468d676ff1f319791b54a4c658211b4 The package turbo-leven was found to contain malicious code. Source: ghsa-malware 6a89f53d914eeb23f58756ee338b08701d799e346d6901d2f374bb51e736b2ef An...

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6591

ComfyUI up to 0.13.0 is affected by a path traversal in the LoadImage Node’s folder_paths.get_annotated_filepath (folder_paths.py). The vulnerability arises from manipulating the Name argument, enabling remote exploitation. An exploit has been published; vendor was contacted but did not respond. ...

EUVD-2026-23735

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

PT-2026-33831

Name of the Vulnerable Software and Affected Versions Flowsint affected versions not specified Description Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...

PT-2026-33660

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder paths.get annotated filepath of the file folder paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has bee...

node-security-poc

No d...

Malicious code in chandan-module-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-41242 vulnerabilities

Vulnerabilities for packages: librechat, langfuse, pulumi, langfuse-fips, renovate, vitess, kubeflow-centraldashboard, opentelemetry-auto-instrumentations-node, jitsucom-jitsu, kibana, gemini-cli...

Malicious code in react-spa-shadcn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0a6436d822911c9ab59cb73cdf9c25c0dfa562feb406fcfa450ad964418f89 The package react-spa-shadcn was found to contain malicious code. Source: ghsa-malware da9de249511ac32f8d560921d4da27724c126e29260a8fb7c4acb1da70c6b7...

Malicious code in pa-marked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01d64e50dea2a8be10707dbd49869a6bcea570bf26829a1738ca2237882249 The package pa-marked was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2932 Malicious code in sy-editor-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cbd7c2056a09f76b9e73fbd0dae4370df9df455077146ae85b6b985b0394d4f The package sy-editor-v3 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @ataslkit/profilecard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efe1bf5f3d6ed3259b1ef3d48d73c3fd6368a50097725968869b551e73f828a The package @ataslkit/profilecard was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2924 Malicious code in cktool.core.internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95da3751f8d8f63d46e480fc465291ffa814ac0294663c1d3d62d6b4b40df73c The package cktool.core.internal was found to contain malicious code. Source: ghsa-malware...