MAL-2026-4625 Malicious code in oh-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b94251e0353c83033676a5e7b3a5c2b039b3e79914adda00d48aea70750a25bf The package's documented oh-langfuse setup command defaults LANGFUSEBASEURL to the bare-IP plaintext endpoint http://120.46.221.227:3000 bin/cli.js...

MAL-2026-4472 Malicious code in @zhengshuo888/huoke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f352f11f7811b28966799c9359f99dbbe9829240066504be17c100981dd45ab On npm install, the package's postinstall hook runs node bin/huoke.js install-skill, which uses execSync to invoke curl -fsSL against...

CVE-2025-55976

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint...

CVE-2025-55976

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint...