Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4846 Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @hcs-hybrid/uirouter-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27a0d7e172f9959faebfaed919369b4cd7a6321d9ae58986de045174908d431c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @polka-ui/configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebba90c019747402643a8d0056cd96101fe56feb8e9a4e14eb86cac2274def82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @polka-ui/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4842 Malicious code in @polka-ui/configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebba90c019747402643a8d0056cd96101fe56feb8e9a4e14eb86cac2274def82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4849 Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1019aabd4bb69e25840cb292802f34974e93eb6c61d783cd8e1bb054a33d182a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4841 Malicious code in @hcs-hybrid/uirouter-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27a0d7e172f9959faebfaed919369b4cd7a6321d9ae58986de045174908d431c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4843 Malicious code in @polka-ui/loads (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1c2dc697d40151aa0c28a6e1bc5fd467a78649ea136e58a874a8269fec093ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4847 Malicious code in @service-suppliers/fetch-suppliers-watcher-saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74317c1ce2d301970954a3b87d59143188bf88c4f822ea2eba15c88db25cd5f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

CVE-2026-46223

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

CVE-2026-46160

CVE-2026-46160 concerns the Linux kernel’s Btrfs filesystem: when removing a directory, last_unlink_trans is not updated, which can lead to incorrect fsync behavior if a directory with an open file descriptor is fsynced after removal. This can cause log replay during mount to fail with -EIO, pote...

CVE-2026-46117

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARNON in manaibcreateqprss Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARNON then go on to corrupt the kernel. Just...

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path

...

SUSE CVE-2026-45877

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

SUSE CVE-2026-45898

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing worklist The commit e1168f0 "RDMA/iwcm: Simplify cmeventhandler" changed the work submission logic to unconditionally call queuework with the expectation that queuework would...