267 matches found
Malicious code in blanl-pkg (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in blank-pkg (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e2f49c661af4e850b4d2aa252c5bdfc2d7409efbbae9396ac2901d0e9fc0f910 The OpenSSF Package Analysis project identified 'blank-pkg' @ 10.0.1...
Malicious code in simple-mali-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9629656d765c03a690cd0d32598fac52e66c8f5c82dae9405280ee04e1b0280 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Malicious code in node-pkg-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df8ca0c98ea357d77cecd453a9b679670af19bad2830fd82ee7cc85813b239c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5508 Malicious code in node-pkg-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df8ca0c98ea357d77cecd453a9b679670af19bad2830fd82ee7cc85813b239c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5297 Malicious code in pkg-dev-deps-only (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 485d0ed1b5c95a60c68f04e0d03f68c9cb74cf2f0d2cc2181b99be5b1b8d7dc5 Any computer that has this package installed or running should be considered...
MAL-2025-4647 Malicious code in node-pkg-state (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0891ea1584d40cb7d6b9667931aaeee24089a5d7f605727e42f717b4b378682 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-48387 via org.webjars.npm:tar-fs (=2.1.1)
org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...
MAL-2025-4436 Malicious code in fe-second-party-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bcbac1a3c8c63cd47005ab85c88ef2933e702844df4a607f5f54157c0a2881b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +5 more potentially affected by CVE-2024-50378 via apache-airflow (>=2.0.0 <=2.0.2)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.12, =11.8.0, =13.7.0 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2024-50378 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-8366329...
CVE-2024-50190 ice: fix memleak in ice_init_tx_topology()
In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer...
NuGet Package 'Microsoft.ML.Vision' Detection
The remote host has a 'Microsoft.ML.Vision' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. #%NASL_MIN_LEVEL 80900 # (C) Tenable, Inc. include('compat.inc'); if...
Veertu Anka Build node agent update privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...
CVE-2024-8135
Summary: CVE-2024-8135 affects Go-Tribe gotribe (up to commit cd3ccd32...) with a vulnerability in the Sign function of pkg/token/token.go. The issue arises from manipulation of the config.key argument, which leads to hard-coded credentials. Reported in multiple feeds, the product uses continuous...
Malicious code in evil-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 366920f1b216795839a0a8533db122155f0c839032a67fdd6a33544179749a2c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in cli-pkg-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7a7aae8c7f3c482a70cb9cd90ee7c66cdab49f87aea5f39075c02aef180ad54a The OpenSSF Package Analysis project identified 'cli-pkg-test' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in internal-udfc-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650 The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1666 Malicious code in internal-udfc-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650 The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 npm as malicious. It is considered malicious because: - The package...
Malicious code in duck-test-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5098 Malicious code in duck-test-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=-...