CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-20147

Cisco CVE-2026-20147 affects Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated, remote attacker with valid administrative credentials can exploit insufficient input validation via a crafted HTTP request to execute arbitrary commands on the device’s underlying OS, potentially gain...

Malicious Package

Overview tensorzero-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in fusion-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c8e696e51251f71e47adebced7b96e693530edba7546edfc180e21202e2048 The package fusion-events was found to contain malicious code. Source: ghsa-malware 88d534717a957da6a2dd2be4f5db4aa652489fa5ac3b30382f4a8e5e06865be2...

Malicious Package

Overview vs-supplier-portal-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious code in vs-supplier-portal-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4ce50d0cee946b14aa2dee0c469a73331ff0c63bc65b134b3b50edb5d43c54 The package vs-supplier-portal-web was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pnc-cib/cib-core-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8766c693609e1190061234006c3ba48a9e4f421805daabf59baa712e6d634eee The package @pnc-cib/cib-core-lib was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2688 Malicious code in @pnc-cib/cib-core-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8766c693609e1190061234006c3ba48a9e4f421805daabf59baa712e6d634eee The package @pnc-cib/cib-core-lib was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview laserlogsink is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in react-dom-19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 — Flowise AI Authenticated Remote Code Executio...

RLSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Malicious code in tensorzero-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b66b5b70cb431f4427417df356e75438bfa64c106e3c1762f27c257246e445 The package tensorzero-node was found to contain malicious code. Source: ghsa-malware d152b28b710406f0a3eede30abb61ae9698eca9fc72a46a2b6b59eaf23876dc...

MAL-2026-2684 Malicious code in tensorzero-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b66b5b70cb431f4427417df356e75438bfa64c106e3c1762f27c257246e445 The package tensorzero-node was found to contain malicious code. Source: ghsa-malware d152b28b710406f0a3eede30abb61ae9698eca9fc72a46a2b6b59eaf23876dc...

MAL-2026-2681 Malicious code in @athena-ui-components/dashboard-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-41213

creationtimestamp| type| source ---|---|--- 2026-04-15 08:02:45+00:00| published-proof-of-concept| https://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf...

MAL-2026-2827 Malicious code in js-logger-pack (npm)

js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...

Malicious code in snitz-chief-cloud-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a91d88d68aae1e6311a7d533b3efc0618206a56025c6a96c1f1024b3ccf9df The package snitz-chief-cloud-config was found to contain malicious code. Source: ghsa-malware...

Malicious code in snitz-chief-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc306ec8452bc2fd831e57407e5c99169c8e2813debf726f99604d8c6e459a4 The package snitz-chief-cloud was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2679 Malicious code in snitz-chief-cloud-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a91d88d68aae1e6311a7d533b3efc0618206a56025c6a96c1f1024b3ccf9df The package snitz-chief-cloud-config was found to contain malicious code. Source: ghsa-malware...