902 matches found
Malicious code in @gleamkit/engine.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in testdonotredeemit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ishowfeet20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff30 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4a979285347756e69976ca9775cf22e923002ec93ede98adc0dccd7999ea087 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aec6b68489cb95001c5971ace33533e31169126fb141feea65e198756e66c05c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in imillegal1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b8bddd4b8345bfaacf5ad511276da43344de0033bc312123620aa6cc6e4366 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in changiairportpromax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ab194f6c4e1d4197856c229f74ebf46e7eb90ff703ff4dc3172379aea96923 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in txs-builder-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55bb13d76ebc74c36f68dd219079500d0bdb60e4bc07f8089eefbcde91bbdeac The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in na-rony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...
MAL-2026-6952 Malicious code in whs4_npm_test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d797ee3c8111cffee8603aa24625cb71a7f958438e33207b33376b260acc59 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6934 Malicious code in load-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac Package name resembles the Nuxt ecosystem's helper naming 'load-nuxt' and is published at version 99.0.3, a version-number shape frequently used in...
MAL-2026-6902 Malicious code in wime-zle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6894 Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metrica-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a0ee3435b3bf0949e63f6770b91c6bb1e2d7912054dc1cb9382e3eae20c84ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eth-tick (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6822 Malicious code in fastnodemailer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6825 Malicious code in react-next-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...
MAL-2026-6739 Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-58454
Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...
Malicious code in confluent-kafka-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...