curl: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST body/credential exfiltration via redirect — RC=0, curl 8

Summary curl's HTTP/1.x response header parser splits header lines using a single memchrbuf, '\n', blen call lib/http.c:4457, with no awareness of whether the current position is inside a quoted-string value. A server response containing any header field whose value embeds a raw LF byte \x0a caus...

MAL-2026-4723 Malicious code in weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...