978 matches found
CVE-2014-3608 vulnerabilities
Vulnerabilities for packages: openstack-nova-2025.2...
OPENSUSE-SU-2026:11163-1 libxreaderdocument3-4.6.5-1.1 on GA media
These are all security issues fixed in the libxreaderdocument3-4.6.5-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in dtxto1ols (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...
CVE-2026-48522 vulnerabilities
Vulnerabilities for packages: netbox, openstack-placement-2025.2-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.1-fips, openstack-placement-2025.1-fips, openstack-placement-2026.1, openstack-horizon-2026.1-fips, openstack-horizon-2025.1-fips, airflow-postgres-fips,...
OPENSUSE-SU-2026:11043-1 python313-distributed-2026.6.0-1.1 on GA media
These are all security issues fixed in the python313-distributed-2026.6.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10996-1 git-bug-0.10.1-6.1 on GA media
These are all security issues fixed in the git-bug-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in gethandler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...
Malicious code in getui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...
OPENSUSE-SU-2026:10979-1 agama-web-ui-21+360.16caae772-44.1 on GA media
These are all security issues fixed in the agama-web-ui-21+360.16caae772-44.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10982-1 graphite2-1.3.15-1.1 on GA media
These are all security issues fixed in the graphite2-1.3.15-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10969-1 perl-IO-Compress-2.220.0-2.1 on GA media
These are all security issues fixed in the perl-IO-Compress-2.220.0-2.1 package on the GA media of openSUSE Tumbleweed...
MAL-2026-5297 Malicious code in consumerweb-authflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acbd81f78a40f87b410799545f06c929bc7e7c3f552eeea06254416b3b9e0977 On npm install, the package's postinstall.js collects host identifiers via os.hostname, os.userInfo.username, os.platform, and the current working...
PT-2026-44786
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in @polka-ui/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CLSA-2026-1779465287 Update of tomcat
Bump leading release to maintain monotonic rpm-version ordering in the AlmaLinux 9.2 ESU update stream...
GO-2026-5001 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel
SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...
PT-2026-42383
SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...
CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...
CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...
Malicious code in npmjs_solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b789c7234e3c391e6e2f6359d87f873205fb341c1bf186194815b16d53c7fa71 The package.json defines a postinstall lifecycle hook that invokes childprocess.exec to run curl -s...