251989 matches found
RLSA-2026:7080 Important: nodejs22 security update
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
MAL-2026-2564 Malicious code in gp-auth-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24cae80696867d7d7b835ee70e1ef1e85373092f31cd93e2a35508ae3d2afb3 The package gp-auth-lib was found to contain malicious code. Source: ghsa-malware 73c001ebe2675cd78ef852bc2e78ff6fb837fd64b9b490dbea61c4ff1ca6d146 An...
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
Malicious code in ts-schema-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa35c0f1b632f24027499340dfbe35df1f1d57bed2a5ad8327d688a7b23507a3 The package ts-schema-helpers was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-6108
1Panel-dev MaxKB up to 2.6.1 is affected in the Model Context Protocol Node, specifically the execute function in apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py. The vulnerability allows remote OS command injection via manipulation of the node, with exploitation described as publi...
EUVD-2026-21690
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
RockyLinux 10 : nodejs22 (RLSA-2026:7080)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...
Malicious code in unisys-uka (npm)
Package is malware. Collects sensitive info, reads files, executes commands, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25745bb1be4d673e8e465091f55bfdad6ad5cd5740583fd9a9f38fd7dd3e5d57 The...
MAL-2026-2876 Malicious code in unisys-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0369680ea400c89b8ab01dfc75f7a7df45c8a26bfc5631a636770ccf32c9ed The package unisys-common was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in unisys-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c759e3a9b4c256239f0ec3be5b97424efc8191d317d82feb632b84e77d6c46eb The package unisys-core was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2875 Malicious code in unisys-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89bc257f69dca8cec54b15b47533c97f9b6b47f16aae5f2dc868ff7faaf0c93b The package unisys-auth was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2869 Malicious code in arlo-meeting-assistant-rtms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f5f17c482aef8ac270cf630fe452dacc79acbeb0b473ffd0ac640769e1a0fb6 The package arlo-meeting-assistant-rtms was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in arlo-meeting-assistant-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 842ae675e3d076ecc89e2697ee378f503945bae268487584277cd92a93ec44fe The package arlo-meeting-assistant-backend was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2560 Malicious code in @b2b-portal/uch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
Malicious code in @b2b-portal/uch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
MAL-2026-2872 Malicious code in ts-form-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f2ff1bf87164fdeb2ca9c37d578f7156164a344ffd11bcdb84ce34880358fea The package ts-form-helpers was found to contain malicious code. Source: ossf-package-analysis...
File Inclusion node-tar Dependency in Confluence Data Center
This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2 and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...