
251891 matches found

OSSF Malicious Packages
added 2026/04/25 3:53 p.m., 4 views

Malicious code in kl-b2c-ui-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e32dd1450d1b5670388a4fbf71a7189cff326aa1c7734ee6ea1c89614438c516 The package kl-b2c-ui-kit was found to contain malicious code. Source: ghsa-malware c42673f7cabe65ad288149a7f75426fea7054327c8f73ac59d07e6b60a64b3db...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/25 2:20 p.m., 0 views

MAL-2026-3068 Malicious code in @sbt_gitverse/analytics-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2858d6765b337bc72b69faaa1a64e528931e8230756aa8a1d5ab4e58793357a The package @sbt_gitverse/analytics-client was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/25 2:15 p.m., 1 views

MAL-2026-3033 Malicious code in tether-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a15feaa501454125206345e0e802667759555738db7b1a1ee9ad5dc6b0098a The package tether-base was found to contain malicious code. Source: ossf-package-analysis...

5.4 AI score
Exploits: 0

OSV
added 2026/04/25 9:55 a.m., 1 views

MAL-2026-3079 Malicious code in axis-ui-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/04/25 9:55 a.m., 3 views

Malicious code in axis-ui-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/04/25 9:45 a.m., 3 views

Malicious code in axis-abc-search-address (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12745094744214b57071e8ace8ee7d5ee3f9be6e7d29d338bb4bbd01842f2705 The package axis-abc-search-address was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/25 9:45 a.m., 4 views

MAL-2026-3076 Malicious code in axis-abc-search-address (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12745094744214b57071e8ace8ee7d5ee3f9be6e7d29d338bb4bbd01842f2705 The package axis-abc-search-address was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/25 9:45 a.m., 0 views

MAL-2026-3074 Malicious code in axis-abc-portal-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84dbd03fbc7970d1f3fc987743f698a9ea6a0af44ea2b89d0f2c1cbaa397f933 The package axis-abc-portal-menu was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/04/25 9:45 a.m., 7 views

Malicious code in axis-abc-portal-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84dbd03fbc7970d1f3fc987743f698a9ea6a0af44ea2b89d0f2c1cbaa397f933 The package axis-abc-portal-menu was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/04/25 9:45 a.m., 2 views

Malicious code in axis-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341ed22195f4a5533e72c654980bb1eecb5d0fb91c70a5132ca728978d68de54 The package axis-notification was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/04/25 8:43 a.m., 3 views

Malicious code in js-component-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b874b4949845eda88ec207be1ff9bedde0eb14b4f8cc12b4f46fd32bd32391 The package js-component-explorer was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits: 0

RedhatCVE
added 2026/04/25 7:22 a.m., 2 views

CVE-2026-41270

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and...

8.3 CVSS, 5.3 AI score, 0.00083 EPSS
Exploits: 1, References: 1

Patchstack
added 2026/04/25 6:30 a.m., 4 views

NPM: simple-git is vulnerable to Remote Code Execution

NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...

9.8 CVSS, 5.8 AI score, 0.00213 EPSS
Exploits: 1, References: 5, Affected Software: 1

SUSE CVE
added 2026/04/25 1:39 a.m., 1 views

SUSE CVE-2026-31542

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets. When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a panic while allocating UV hub info structures. Fix this by using NUMA_NO_NODE, allowing UV hub info structur...

5.5 AI score, 0.00015 EPSS
Exploits: 0, References: 3

OSV
added 2026/04/24 10:55 p.m., 2 views

MAL-2026-3069 Malicious code in @tochka-ui/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9575f5fa03036022a473218e67ec437c95aa1e3c0768e1006762695c772705c8 The package @tochka-ui/foundation was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/04/24 10:43 p.m., 5 views

Malicious code in @frengki0707/google-cloud-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a278202a1e4a54c185b707e1eeed0b0df0438168bcec4a2a5b5741bcbd8a5e5c The package @frengki0707/google-cloud-clone was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits: 0

Snyk
added 2026/04/24 7:20 p.m., 1 views

HTTP Response Splitting

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the isFormData and getHeaders handling in the HTTP request path. An attacker can inject arbitrary request headers by supplying...

9.1 CVSS, 5.7 AI score, 0.00047 EPSS
Exploits: 1, References: 2

NVD
added 2026/04/24 7:17 p.m., 3 views

CVE-2026-41421

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8 CVSS, 0.00033 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/24 6:53 p.m., 2 views

CVE-2026-41421

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8 CVSS, 5.6 AI score, 0.00033 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/24 6:53 p.m., 1 views

CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8 CVSS, 5.5 AI score, 0.00033 EPSS
Exploits: 0, References: 1