MAL-2026-3265 Malicious code in @bcs-bank/common-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @bcs-react-ui/context-menu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-3266 Malicious code in @bcs-bank/init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2a526cbf1ef79ebdf6126f699f18ffbb6f4520d46fc66f709da256b903e8e1 The package @bcs-bank/init was found to contain malicious code. Source: ghsa-malware e8831b7c4a8b59f53226813d7d4203e4b28fdc08b8df0d5c60bd1d9e78874786...

MAL-2026-3263 Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0530)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0530 advisory. - OpenShift: downloadable cartridge source url file command execution as root CVE-2014-0233 Note that Nessus has not tested for this issue bu...

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0764)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0764 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

RHCOS 1 : rubygem-openshift-origin-node (RHSA-2014:0762)

The remote Red Hat Enterprise Linux CoreOS 1 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0762 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from the SuppressedError feature, whi...

PT-2026-36920

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.8 Description An authenticated user can access the 'GET /api/settings' endpoint to retrieve sensitive configuration values, such as node.secret. This secret is accepted by the AuthRequired function via the...

HashiCorp Boundary 安全漏洞

HashiCorp Boundary is an open-source solution developed by HashiCorp in the United States. It enables secure, identity-based access for users across different environments to hosts and services. There are security vulnerabilities in versions of HashiCorp Boundary prior to 0.21.3, 0.20.3, and...

RHCOS 6 : openshift-origin-node-util (RHSA-2013:0148)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0148 advisory. - openshift-origin-node-util: restorer.php pregmatch shell code injection CVE-2012-5646 - openshift-origin-node-util: restorer.php...

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0763)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0763 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

@fastify/accepts-serializer 安全漏洞

@fastify/accepts-serializer is a plugin developed by Fastify, which automatically selects a serialization method based on the Accept header. Versions of @fastify/accepts-serializer up to 6.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size limits or evicti...

PT-2026-36904

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained SQL injection vulnerabilities. These vulnerabilities stemmed from the use of row:search and row:get operations in the SeaTable node, where user-controlled inp...

Nginx UI 信息泄露漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a vulnerability related to information leakage. This vulnerability stemmed from the ability for authenticated users to call the GET /api/settings request to retrieve sensitive configuration values,...