115 matches found
Malicious code in po-ops-local-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5159 Malicious code in po-ops-local-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004952)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004952 advisory. In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring and packet_notifier When packet_set_ring releases po-bindloc...
EUVD-2025-144723
Malicious code in apasih-ledonf-po npm...
EUVD-2025-144720
Malicious code in apasih-ledong-po npm...
EUVD-2025-144707
Malicious code in apasih-me-po npm...
JLSEC-2025-174 An issue was discovered in GNU gettext 0.19.8
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...
EUVD-2021-14776
Malware in sbrugna...
EUVD-2018-10467
Malware in sbrugna...
NewStart CGSL MAIN 6.06 : gettext Vulnerability (NS-SA-2025-0218)
The remote NewStart CGSL host, running version MAIN 6.06, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen....
VulnCheck KEV: CVE-2022-37932
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...
SUSE CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring and packet_notifier When packet_set_ring releases po->bind_lock, another thread can run packet_notifier and process an NETDEV_UP event. This race and the fix are both similar to that of commit...
Malicious code in @zalastax/nolb-react-po (npm)
The package @zalastax/nolb-react-po was found to contain malicious code...
Malicious code in @zalastax/nolb-po- (npm)
The package @zalastax/nolb-po- was found to contain malicious code...
MAL-2025-13201 Malicious code in @zalastax/nolb-po (npm)
The package @zalastax/nolb-po was found to contain malicious code...
MAL-2025-13202 Malicious code in @zalastax/nolb-po- (npm)
The package @zalastax/nolb-po- was found to contain malicious code...
Malicious code in @zalastax/nolb-po (npm)
The package @zalastax/nolb-po was found to contain malicious code...
Cross-Site Scripting
gettext.js is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the parsing of .po dictionary definition files, allowing malicious code injection. Attackers can craft malicious .po files containing JavaScript code, which, when loaded and processed by...
DEBIAN-CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
UBUNTU-CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...