2648 matches found
CVE-2026-10748
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0...
Malicious Package
Overview @ntnx/nx-react-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-20171
A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)
The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...
@astralis-os/vitest (=2.4.1), @aws/nx-plugin (>=0.79.1 <=0.84.2) +75 more potentially affected by CVE-2026-47429 via vitest (>=4.0.13 <=4.0.9)
vitest NPM version =4.0.13, =0.79.1, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =4.0.0-alpha.31, =1.2.3-preview-a960555.0, =7.2.0, =11.0.33, =21.0.0-alpha.33, =23.0.0-alpha.1 - @forsakringskassan/vitest-config =1.1.0 and more Source cves:...
Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-5162 Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
CVE-2026-10056
CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...
EUVD-2026-33262
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
Network Optix Nx Witness VMS 安全漏洞
Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...
PT-2026-44762
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
Supply Chain Compromises Impact Nx Console and GitHub Repositories
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development CI/CD pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code VS...
CVE-2026-46068
A flaw was found in the Linux kernel's crypto:nx component. This vulnerability involves incorrect memory management during the deallocation of bounce buffers, where an improper function is used. This can lead to memory leaks, which may result in system instability or a Denial of Service DoS...
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
CVE-2026-48027
Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...
CVE-2026-48027 Compromised Nx Console version 18.95.0
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
CVE-2026-48027 Compromised Nx Console version 18.95.0
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...