MAL-2026-3302 Malicious code in ally-starter-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3300 Malicious code in ally-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3298 Malicious code in ally-ccapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...

MAL-2026-3296 Malicious code in ally-badges (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...

Malicious code in nextjs-chat-with-ai-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b The package nextjs-chat-with-ai-service was found to contain malicious code. Source: ghsa-malware...

Malicious code in apexomni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a53c153f68abdc118a92f4c3a13c2ad21e0d098bdf5e7cf57e679e467b226c06 The package apexomni was found to contain malicious code. Source: ghsa-malware 8ec8450f87a6c99576d96e1c59179c61ef89603915c8d003af0f5f6992348092 Any...

Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

Malicious code in codewhisperer-streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3232 Malicious code in codewhisperer-streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...

SUSE CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 PoC ⚠️ For educational and authorized securit...

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

MAL-2026-3215 Malicious code in archetype-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in update-browserslist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3308 Malicious code in common-roles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602ee3e4db38c8befaab761a5f06c83f1a48c33822478a3ae25e315fcd337a2 The package common-roles was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2026-26652

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

CVE-2026-43053

CVE-2026-43053 affects the Linux kernel XFS filesystem. The flaw arises during inode inactivation with node-format extended attributes: xfs_attr3_node_inactive() invalidates child blocks but does not remove their references from the parent, creating a window where the parent can point to cancelle...

EUVD-2026-26640

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtrtxflow radixtree with xarray to fix memory leak radixtreecreate allocates and links intermediate nodes into the tree one by one. If a subsequent allocation fails, the already-linked nodes remain in the tree...

CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...