216 matches found
CVE-2026-3321 Authorization Bypass in ON24 Q&A chat
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
MAL-2026-2212 Malicious code in @opengov/qa-record-types-api (npm)
Source: amazon-inspector 0be39ed161d642824f2ce1f8511e03759918909ba0218265174294129a172d01 The package @opengov/qa-record-types-api was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
ChartAttack: Testing the Vulnerability of LLMs to Malicious Prompting in Chart Generation
Multimodal large language models (MLLMs) are increasingly used to automate chart generation from data tables, enabling efficient data analysis and reporting but also introducing new misuse risks. In this work, we introduce ChartAttack, a novel framework for evaluating how MLLMs can be misused to...
Malicious Package
Overview: rt-qa-sampler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in rt-qa-sampler (npm)
Source: amazon-inspector 01d57d7fdf7de875c7da43a03defcfe1df8c66f3a72a0802585f903e5e4e4a19 The package rt-qa-sampler was found to contain malicious code. Source: ghsa-malware 7db994932160920a0a11f0ca0419898a6c0552e1f38b68ccf9bb6b59d72f98fb...
MAL-2026-142 Malicious code in rt-qa-sampler (npm)
Source: amazon-inspector 01d57d7fdf7de875c7da43a03defcfe1df8c66f3a72a0802585f903e5e4e4a19 The package rt-qa-sampler was found to contain malicious code. Source: ghsa-malware 7db994932160920a0a11f0ca0419898a6c0552e1f38b68ccf9bb6b59d72f98fb...
EUVD-2025-199504
Malicious code in @dev-blinq/ai-qa-logic npm...
Malicious code in @dev-blinq/ai-qa-logic (npm)
Source: amazon-inspector 6bcfefccc1ff9a7579321c6e45d16fc6aa94b9eaa45952fe47d415c2ffcde9a4 The package @dev-blinq/ai-qa-logic was found to contain malicious code. Source: ghsa-malware...
@dev-blinq/ai-qa-logic (=1.0.3) potentially affected by unknown CVE via @dev-blinq/ai-qa-logic (=1.0.18)
@dev-blinq/ai-qa-logic NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @dev-blinq/ai-qa-logic and may be impacted: - @dev-blinq/ai-qa-logic =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191210...
@dev-blinq/ai-qa-logic (>=1.0.0 <=1.0.18), @dev-blinq/cucumber_client (>=0.0.1 <=1.0.1633-dev) potentially affected by unknown CVE via automation_model (>=1.0.1-amdocs <=1.0.894-dev)
automation_model NPM version =1.0.1-amdocs, =1.0.0, =0.0.1, =1.0.1633-dev Source cves: unknown CVE Source advisory: OSV:MAL-2025-191066...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
PT-2025-47158
Name of the Vulnerable Software and Affected Versions: QaTraq version 6.9.2. Description: Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...
EUVD-2025-37058
Malicious code in qa-egs-rollback npm...
Malicious code in qa-egs-rollback (npm)
Source: amazon-inspector f069cbe096962a4415247fec584da742da87006805e2e0a12d2e0a080936479d The package qa-egs-rollback was found to contain malicious code...
MAL-2025-49235 Malicious code in qa-egs-rollback (npm)
Source: amazon-inspector f069cbe096962a4415247fec584da742da87006805e2e0a12d2e0a080936479d The package qa-egs-rollback was found to contain malicious code...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4412 more potentially affected by CVE-2025-62727 via starlette (>=0.10.1 <=0.49.0)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-62727 Source advisory: SNYK:PYTHON-STARLETTE-13733964...
EUVD-2017-9718
Malware in sbrugna...
cli-form (>=0.0.0 <=0.1.4), kik (>=0.0.0 <=1.3.0) potentially affected by unknown CVE via cli-qa (>=0.3.0 <=2.3.0)
cli-qa NPM version =0.3.0, =0.0.0, =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17116...