MAL-2026-2933 Malicious code in @kjma/mailcraft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69f8916db8f38815341618cd61534b177ef9984ab2dd5774e445bb072fcf10c6 The package @kjma/mailcraft was found to contain malicious code. Source: ghsa-malware 5e4802b882a28ccb6e1c4c9bf610c05c4a2a023d7018fb66c0ac46623b8560d...
Malicious code in optimized-fastest-levenshtein (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1df5ecfcba26f63d6afe82b0b81c718ed915074e7e2a1eec30d7fd6815be5 The package optimized-fastest-levenshtein was found to contain malicious code. Source: ghsa-malware...
Malicious code in mailcraftjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...
MAL-2026-2943 Malicious code in turbo-he (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1da17bf1f37303e3d91056c1ce674462279861bc896e413f1d262548ff6b3647 The package turbo-he was found to contain malicious code. Source: ghsa-malware 6bd9985ec0cf97c08347814d88b84c1c12cd8f22507a76e2a78cacb06c6840a6 Any...
Malicious code in @kjma/mailcraft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69f8916db8f38815341618cd61534b177ef9984ab2dd5774e445bb072fcf10c6 The package @kjma/mailcraft was found to contain malicious code. Source: ghsa-malware 5e4802b882a28ccb6e1c4c9bf610c05c4a2a023d7018fb66c0ac46623b8560d...
MAL-2026-2940 Malicious code in mailcraftjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...
CVE-2026-6597 langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...
CVE-2026-6597
langflow-ai (Flow Using API) up to version 1.8.3 is affected by CVE-2026-6597. The vulnerability resides in the code path src/backend/base/langflow/api/utils/core.py, specifically the remove_api_keys/has_api_terms functions, which enables unprotected storage of credentials. The issue can be explo...
PT-2026-33692
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be...
Fedora 42 : incus (2026-4481307278)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4481307278 advisory. Remove incus dependency from incus-agent. ---- Update to 6.23 Tenable has extracted the preceding description block directly from the Fedora securit...
Malicious code in react-hook-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...
MAL-2026-2853 Malicious code in react-hook-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...
MAL-2026-2850 Malicious code in value-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf877173b9292185a66f77e03a35a1964c716f9cc053cd68cfd66fa005843fa The package value-slider was found to contain malicious code. Source: ghsa-malware cf716f2e826f45d1313d19d4691315d634d3199be557367c4346af4481aec65c A...
Malicious code in @than-xs/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c613873d188e4ec1b5e30520478eb5e162c8f2b10cad3dd50e0973d9ca925034 The package @than-xs/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in @than1st/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33e5a745025283eafbcdaca42eabb928085deea39d64a048431086a73651cbb3 The package @than1st/baileys was found to contain malicious code. Source: ghsa-malware b279f3956e0591d27684f8ad6e1464cb4d3901ef0d1c977ef8ea6ec3f53a71...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007546)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007546 advisory. In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm tes...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007225)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007225 advisory. In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007308)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007308 advisory. In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free Remove locks calls in usbtv_video_free because...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007282 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev will cause...
CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...