5600 matches found
CVE-2026-42574
The CVE-2026-42574 issue affects apko dirFS used to build/publish OCI images. A crafted APK could place a TypeSymlink tar entry whose target points outside the build root, enabling traversal to host paths via subsequent directory creation or write operations within the same or later archive. Root...
CVE-2026-2625 Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
CVE-2026-2625
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in quick-serialize-small-bash-delta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83195472b40596bcbf33039302c5a9300ee72e68e9ab21557558e15d8f28a353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in integer-optimize-alpha-byte-authenticate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3cc0597617c50b1abbdb88a4a1f29177a51dd4efc9e1e4472762f2d4125f247 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in user-double-signal-node-upsilon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331f615747fa4552139398bd5bd8ab96fb56c9ffdc6d81e14eaece427b08e5f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stop-prompts-fusion-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a369d5bd92a84f0b2a7db8c2040c883f375e842eb37e42b4aeac8b102ff0f006 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in blaze-transport-genomics-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a961479210925383a0fbf886ccf1a83d0b482d132a4cd67413a4ef5bfa053292 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in emulate-private-alpha-decompress-view (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a73cd7def8995cb1c4f464021cd52d52ea06de08bba825ef6747549710d415d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in json-apollo-rate-limiter-cross-env (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4041eaf381f192fe6b5f0fa41e0d62e7c44bdd9c3dca76d45a758c432e541b9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in run-script-sagitta-pulsar-alphard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 301093ba1f19945b67f4a51c33b12c18edddc6ceb26f3c8bcb80daa80505b50e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bellatrix-child-process-playwright-geodynamo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2930943f9773ed3a8e0e8da3151f56613a8f80e333398f6cd40f7d89ac3f9b05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cat-void-bash-cache-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 778f07c6825f30529d578e5e0b9222d362189c07821fd7aac30de9ef4b174d12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...