251672 matches found
MAL-2026-3795 Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...
Malicious code in jenkins-for-jira (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cad9f892c0d9dc4daa1424ece0fdaaeb28938252726be668e5880537046533 The package jenkins-for-jira was found to contain malicious code. Source: ghsa-malware 1f7a28558fe9fa734ff5ef86a48965f24b37790a53a4ec35ca344e548d3818...
MAL-2026-3786 Malicious code in browser-interaction-time-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1f501a0eb27e6959abc3bfd105408bdbd74a0f0e1f97bb22ee881dbd5d9dac6 The package browser-interaction-time-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3782 Malicious code in atlassian-marathon-asset-pipeline (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d32d9c71cf7460230bdc7da7e9c9cddc9618a5ca53a66adde25fb5a3e588418 The package atlassian-marathon-asset-pipeline was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview jenkins-for-jira is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in browser-interaction-time-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3785 Malicious code in browser-interaction-time-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in jenkins-forge-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3791 Malicious code in json-pretty-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...
Malicious Package
Overview babel-6-compatibility-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in babel-6-compatibility-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77f7edebabddc5ea0e09c0b1df9b7277a2645a506618cad4e4ee0340db67efe The package babel-6-compatibility-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in json-pretty-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...
Malicious code in alicloud-pop-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8996db2a99f506044afe3fa7d1776936c419425988ce0adab16938e0b1c72498 The package alicloud-pop-core was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview apple-internal-dev-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Node.js: NULL pointer dereference in node:sqlite DatabaseSync#applyChangeset() via malformed SQLite changeset
Summary: A 19-byte malformed SQLite changeset passed to Node.js node:sqlite DatabaseSyncapplyChangeset causes a native NULL pointer dereference and terminates the Node.js process. Description: The built-in Node.js node:sqlite API exposes DatabaseSyncapplyChangesetchangeset, options, which accepts...
CVE-2026-44498
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...
CVE-2026-44015
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...
PT-2026-41387
Name of the Vulnerable Software and Affected Versions nimiq-blockchain versions prior to 1.4.0 Description A malicious network peer can crash a Nimiq full node by publishing a crafted Kademlia DHT record. The record contains a TaggedSigned with a signature field whose byte length is not exactly 6...