591054 matches found
CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
CVE-2026-11420
Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...
Malicious code in unifi-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ff224f10cd94268bd5347ea6898f0cb1c54d23b19a6eb02d8efa268a16e15e8 The OpenSSF Package Analysis project identified 'unifi-portal' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5289 Malicious code in unifi-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ff224f10cd94268bd5347ea6898f0cb1c54d23b19a6eb02d8efa268a16e15e8 The OpenSSF Package Analysis project identified 'unifi-portal' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in encrypted-archive (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13428a6cdcd4736d3f044dd6a580724699318155a1c1e283b586b9a4c3ab6295 The OpenSSF Package Analysis project identified 'encrypted-archive' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5288 Malicious code in uisp-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7387d5655b4341cd75024769045f64a7a2e6315e948c9b2e9789c9704f48ecc7 The OpenSSF Package Analysis project identified 'uisp-connector' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in uisp-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7387d5655b4341cd75024769045f64a7a2e6315e948c9b2e9789c9704f48ecc7 The OpenSSF Package Analysis project identified 'uisp-connector' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5286 Malicious code in encrypted-archive (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13428a6cdcd4736d3f044dd6a580724699318155a1c1e283b586b9a4c3ab6295 The OpenSSF Package Analysis project identified 'encrypted-archive' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in uhd-setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5287 Malicious code in uhd-setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
EUVD-2025-26378
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01...
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...
EUVD-2025-26377
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01...
Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28d9bf945559e6c3defecd55f9f3af3bb8b6dc073ad2b039f7c4e1eb6947c0f5 Versions 0.0.3, 0.0.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in nucbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
MAL-2026-5278 Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5283 Malicious code in okite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e17ca2529781ce61d69b2d7e765c5e3e790d3ae2e2f187b006d710d7f9ed1 Versions 0.0.7, 0.0.8 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in dynamo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in synago (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bee487bb185457ca9e9d74e0963e23be3e84241a6bcd7d0bd5ca44855dd7d28b Versions 0.1.1, 0.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...