38 matches found
CVE-2026-31233
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
EUVD-2026-29556
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
GHSA-R6HF-G5X6-7PV9 Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
CVE-2026-31233
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
PT-2026-40120
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...
CVE-2026-31233
CVE-2026-31233 affects Guardrails AI through version 0.6.7. The vulnerability resides in the Hub package installation mechanism: when installing validator packages, the system fetches a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The scr...
Vaadin Flow and the axios npm supply-chain compromise
On March 31, 2026, compromised versions of the popular axios HTTP client library 1.14.1 and 0.30.4 were published to NPM via a hijacked maintainer account. The malicious versions injected [email protected], a cross-platform RAT dropper that connected to a command-and-control server. The...
Oracle Linux 10 : wireshark (ELSA-2025-23083)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-23083 advisory. 4.4.2-4.0.1.1 - Fix post script to not fail during initial installation Orabug: 37565359 1:4.4.2-4.1 - Resolves: RHEL-130425 - Access of Uninitialized Pointer...
Malicious Package
Overview etherdjs is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. Payload behavior The malicious payload runs npm's...
Malicious code in concurrent-hashmap (npm)
This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...
Malicious code in slf4j-api-js (npm)
This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3bf0cf1724507eaf1d28ec976793772cc682047cc52a74438224fb96d61884b Any computer that has this package installed or runni...
Malicious code in next-refresh-token (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...
Malicious code in openssl-node (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06f19e257e800106253b9b27f14e1caac48d65284d85d47aa244d8aa9bfc97a8 Any computer that has this package installed or runni...
MAL-2025-141 Malicious code in serve-static-corell (npm)
This package includes a post-install script that fetches JavaScript code from a remote server and executes it. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdac054c93284fd4c0dca285d57baabea075f4c42f7a8bd63abf69f974d56b31 Any computer that has this package install...
PT-2024-12299 · Mlocate · Mlocate
Name of the Vulnerable Software and Affected Versions: mlocate affected versions not specified Description: The issue allows the RUN UPDATEDB AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. This is due to mlocate's %post script...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Gentoo Security Vulnerabilities
Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo ebuild for Slurm 22.05.3 and earlier versions, which stems from the fact that pkgpostinst can call chown to assign ownership of files in the root filesystem...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...