Malicious code in 0x2ai-demo6x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf57dfddd0bfd0def03360ae66ea88dd6d4e875cbcb42880a4277eb2d1df269a On npm install, scripts/postinstall.cjs recursively copies the package's payload/ directory into process.env.INITCWD the installer's project root,...

MAL-2026-5446 Malicious code in housecall-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67e32f5c0c623ab57ac1de78fb5e118394d96f79b760af74d4127f775a0a97fe [email protected] is a hollow npm package empty description, empty author, index.js exports an empty object whose sole runtime dependency is declar...

MAL-2026-5352 Malicious code in blockchain-helper-0 (npm)

Note: This report is updated by a verification record Crypto/SSH/wallet stealer self-labeled "CRYPTO STEALER". postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot...

Malicious code in @lux2/ssr-catalogue-sfcc (npm)

Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...

MAL-2026-1384 Malicious code in @lux2/ssr-catalogue-sfcc (npm)

Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...

Remote Code Execution (RCE)

Signal K Server is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...

PT-2026-1023

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.19.0 Description Signal K Server is a server application used in marine environments. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API...

CVE-2025-58374

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...

CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...

Automox Alive Automox Agent 安全漏洞

Automox is a cloud-based tool from US-based Automox Inc. It can fully automate the patch repair process in Windows, macOS, Linux and third-party software including Adobe, Firefox, Chrome and Windows. A security vulnerability exists in Automox Alive Automox Agent that originates from allowing an...