36 matches found
MAL-2026-3447 Malicious code in @squawk/icao-registry-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2e3d9fe7e5b2e36db3f5a5e5b4453685fe4a2993dd0116c25f290e05cce269 The package @squawk/icao-registry-data was found to contain malicious code. Source: ghsa-malware...
@squawk/mcp (>=0.2.0 <=0.8.13) potentially affected by unknown CVE via @squawk/icao-registry-data (>=0.3.3 <=0.8.3)
@squawk/icao-registry-data NPM version =0.3.3, =0.2.0, =0.8.13 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3447...
Malicious code in @squawk/icao-registry-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2e3d9fe7e5b2e36db3f5a5e5b4453685fe4a2993dd0116c25f290e05cce269 The package @squawk/icao-registry-data was found to contain malicious code. Source: ghsa-malware...
@squawk/airport-data (>=0.2.0 <=0.7.3), @squawk/airports (>=0.2.0 <=0.6.1) +16 more potentially affected by unknown CVE via @squawk/types (>=0.3.1 <=0.8.0)
@squawk/types NPM version =0.3.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.5 and more Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKTYPES-16640890...
@squawk/mcp (>=0.2.0 <=0.8.13) potentially affected by unknown CVE via @squawk/icao-registry-data (>=0.3.3 <=0.8.3)
@squawk/icao-registry-data NPM version =0.3.3, =0.2.0, =0.8.13 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRYDATA-16640875...
Malicious code in paypal-payouts-bridge (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal, using inflated semver values (e.g. 99.9.x, 100.1.x) to win npm resolution against private internal packages. All packages...
MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal, using inflated semver values (e.g. 99.9.x, 100.1.x) to win npm resolution against private internal packages. All packages...
OpenClaw race condition vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 contained a race condition vulnerability. This vulnerability stemmed from concurrent update operations involving sandbox containers and browsers, which could lead to registry...
EUVD-2025-208573
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
CVE-2025-12704
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
CVE-2025-12704 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
PT-2026-24707
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
CVE-2025-59093
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...
PT-2026-4743
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...
CVE-2025-8304
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...
EUVD-2019-2421
Malware in sbrugna...