144 matches found
GPAC MP4Box security vulnerability
GPAC MP4Box is a multimedia packager. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Versions of GPAC MP4Box prior to 26.02.0 contained a security vulnerability...
@uipath/project-packager (>=1.1.10 <=1.1.15), @uipath/solution-packager (>=0.0.30 <=0.0.34) potentially affected by unknown CVE via @uipath/solutionpackager-tool-core (>=0.0.31 <=0.0.33)
@uipath/solutionpackager-tool-core NPM version =0.0.31, =1.1.10, =0.0.30, =0.0.34 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3577...
MAL-2026-3574 Malicious code in @uipath/solution-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6487ed6520bb356b10f79e676ab8025235c19230de13836f08cf630171420426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@uipath/solution-packager (>=0.0.30 <=0.0.34) potentially affected by unknown CVE via @uipath/project-packager (>=1.1.10 <=1.1.15)
@uipath/project-packager NPM version =1.1.10, =0.0.30, =0.0.34 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3567...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3567 Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-workflowcompiler-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1592fda84153cb5e8d6559b95a932b4187fb3e4fe3d39f0bc0490547d72e3c5e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3563 Malicious code in @uipath/packager-tool-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14153c2050bb9ca128e3cc52251f2321826f0e288b065f37d74b5479a29cf70d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71f9d2ad382e0688b46186b2090090f9a0e6e67bac2e906f8242e93b60587c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3560 Malicious code in @uipath/packager-tool-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71f9d2ad382e0688b46186b2090090f9a0e6e67bac2e906f8242e93b60587c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3559 Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3557 Malicious code in @uipath/packager-tool-apiworkflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2532ba4b933b817782f96af980a35816630ae13b035f9c2e4c977517be3e961d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-40423
Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...
CVE-2026-29064 Zarf: Symlink targets in archives are not validated against destination directory
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...
EUVD-2019-0326
Malware in sbrugna...