251891 matches found
MAL-2026-3004 Malicious code in @nklkas/hyperliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc648f0f62878455b1b388282a720ca552dad5cf17d8545393cb7f57fdbfdab The package @nklkas/hyperliquid was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @nklkas/hyperliquid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @nklkas/hyperliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc648f0f62878455b1b388282a720ca552dad5cf17d8545393cb7f57fdbfdab The package @nklkas/hyperliquid was found to contain malicious code. Source: ghsa-malware...
Malicious code in changelog-utils-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59b5bb27f7c03b12e70af2a6d86b388cad7c4fdd02e8ee381f947d291ce9acd The package changelog-utils-structured-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in changelog-cli-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a1e229322241da9d146f6aad5c96de566b2707088406fd7de40cbb69445023 The package changelog-cli-logger was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview changelog-utils-structured-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview separadordeinfocc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview undicy-http is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...
Malicious code in separadordeinfocc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90aec77465d7938875e19e8508965f986ac0e81968433307546a40823fa805e6 The package separadordeinfocc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3010 Malicious code in separadordeinfocc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90aec77465d7938875e19e8508965f986ac0e81968433307546a40823fa805e6 The package separadordeinfocc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3014 Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
Malicious Package
Overview ts-moduler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in ts-moduler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfa69fb7376ebc308243d78af9402eac9735a83121bbd7cf72a86cc792d10ad The package ts-moduler was found to contain malicious code. Source: ghsa-malware ea28227378d489dcc355b2e56f166d0aadb5c59656ac5033a4090bad165d783c Any...
EUVD-2026-25166
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...
CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
CVE-2026-41180
Summary: PsiTransfer before 2.4.3 is vulnerable to a path traversal in the upload PATCH flow (/files/:uploadId). The attack can abuse a mounted request path vs the downstream tus handler’s decoded uploadId to cause an unauthenticated attacker to create a file named with a pattern like config..js ...
PT-2026-34783
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...
PT-2026-34733
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...