135 matches found
MAL-2026-6143 Malicious code in node-vfs-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...
MAL-2026-5394 Malicious code in @sql-access/nodesql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2acee7592879b9eab377fb8e97a1fa2949b298f4418d37fb963e157971638c90 @sql-access/[email protected] is a decoy package whose identity, README, and code do not match. The package name and keywords advertise SQL/Node...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
Linux Distros Unpatched Vulnerability : CVE-2026-46644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form CVE-2026-46644 Note that Nessus relies ...
UBUNTU-CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
Incorrect Comparison
Overview Affected versions of this package are vulnerable to Incorrect Comparison in the process function in Idn.php, which does not necessarily treat xn-- labeled input as punycode, if it contains only ASCII. This case was overlooked in the specification until UTS 46 revision 33, when it was...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
PT-2026-43392
Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...
[SECURITY] Fedora 44 Update: rust-podman-sequoia-0.3.2-2.fc44
A polyfill to use Sequoia as a signing backend for containers...
Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-route is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1979 Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1967 Malicious code in rollup-plugin-polyfill-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in rollup-plugin-polyfill-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
SUSE CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...