OSSF Malicious Packages
added 5 days ago, 4 views

Malicious code in ogd-analytics (npm)

Source: amazon-inspector 1df5f4bdd6e2f58ff581cbad0d01738b5f6464794ace1a9fa95eea061a5bb7d5. package.json declares a preinstall lifecycle script that runs automatically during npm install. The script executes hostname, whoami, and pwd, then...

AI score: 5.3
Exploits: 0, References: 1

OSSF Malicious Packages
added 5 days ago, 5 views

Malicious code in classbreeze-utils (npm)

Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d. The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

AI score: 5.6
Exploits: 0, References: 3

OSV
added 5 days ago, 5 views

MAL-2026-5973: Malicious code in classbreeze-utils (npm)

Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d. The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

AI score: 5.6
Exploits: 0, References: 3

OSSF Malicious Packages
added 5 days ago, 12 views

Malicious code in easy-day-js (npm)

Source: amazon-inspector 8602a5a154b50bb6351900a08fa45d7814c0f152e4379dcae53ccfa0b83db891. Package name 'easy-day-js' impersonates the popular 'dayjs' library, copying dayjs's author 'iamkun', homepage https://day.js.org, repository URL,...

AI score: 5.5
Exploits: 0, References: 1

OSV
added 5 days ago, 3 views

MAL-2026-5979: Malicious code in easy-day-js (npm)

Source: amazon-inspector 8602a5a154b50bb6351900a08fa45d7814c0f152e4379dcae53ccfa0b83db891. Package name 'easy-day-js' impersonates the popular 'dayjs' library, copying dayjs's author 'iamkun', homepage https://day.js.org, repository URL,...

AI score: 5.6
Exploits: 0, References: 1

OSV
added 5 days ago, 3 views

MAL-2026-5975: Malicious code in cryptodao-contracts (npm)

Source: amazon-inspector 21c450a1d14c10213b83137f9c0670a9d8ed953105f96d66eedee78a56479d82. Package is published as version 99.99.99 to win private-vs-public resolution against an internal cryptodao-contracts namespace. The package's main...

AI score: 5.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 5 days ago, 4 views

Malicious code in cryptodao-contracts (npm)

Source: amazon-inspector 21c450a1d14c10213b83137f9c0670a9d8ed953105f96d66eedee78a56479d82. Package is published as version 99.99.99 to win private-vs-public resolution against an internal cryptodao-contracts namespace. The package's main...

AI score: 5.3
Exploits: 0, References: 1

OSSF Malicious Packages
added 5 days ago, 8 views

Malicious code in cryptodao-types (npm)

Source: amazon-inspector 39fca1d76ba65e01fbd3319d6752bb0dc896f9cc356676c6bfad3671d8b1e0d9. On npm install, the package's postinstall script recon.js harvests installer-side secrets and POSTs them to attacker-controlled webhook endpoints. Th...

AI score: 5.3
Exploits: 0, References: 1

OSV
added 5 days ago, 3 views

MAL-2026-5970: Malicious code in cryptodao-types (npm)

Source: amazon-inspector 39fca1d76ba65e01fbd3319d6752bb0dc896f9cc356676c6bfad3671d8b1e0d9. On npm install, the package's postinstall script recon.js harvests installer-side secrets and POSTs them to attacker-controlled webhook endpoints. Th...

AI score: 5.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 5 days ago, 4 views

Malicious code in cryptodao-sdk (npm)

Source: amazon-inspector 03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6. [email protected] ships a postinstall script recon.js that runs automatically on npm install and harvests installer-side secrets. The script...

AI score: 5.3
Exploits: 0, References: 1

OSV
added 5 days ago, 3 views

MAL-2026-5969: Malicious code in cryptodao-sdk (npm)

Source: amazon-inspector 03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6. [email protected] ships a postinstall script recon.js that runs automatically on npm install and harvests installer-side secrets. The script...

AI score: 5.4
Exploits: 0, References: 1

SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP's CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

CVSS: 9.8, AI score: 5.5, EPSS: 0.0058
Exploits: 1, References: 3

SUSE CVE
added 5 days ago, 4 views

SUSE CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00412
Exploits: 0, References: 4

Red Hat CVE
added 5 days ago, 4 views

CVE-2026-53441

A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting (XSS) issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00241
Exploits: 0, References: 4

Positive Technologies
added 5 days ago, 8 views

PT-2026-50429

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS: 8.6, AI score: 5.6, EPSS: 0.00358
Exploits: 0, References: 5

Positive Technologies
added 5 days ago, 8 views

PT-2026-50543

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based cross-site scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

CVSS: 5.8, AI score: 5.2, EPSS: 0.00129
Exploits: 0, References: 2

Tenable Nessus
added 5 days ago, 4 views

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data, causing a denial-of-service impact. The product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

CVSS: 2.9, AI score: 6.7, EPSS: 0.00165
Exploits: 0, References: 3

Drupal
added 5 days ago, 4 views

Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007

Drupal core ships a rebuild.php front controller that can be used to rebuild Drupal (clearing the caches and rebuilding the container) when the site is in an unexpected condition. This script doesn't correctly check the Host header against the list of trusted host patterns. This could result in cac...

AI score: 5.2
Exploits: 0, References: 7

Positive Technologies
added 5 days ago, 8 views

PT-2026-50473

Summary: The spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16, allowing the cloud-metadata endpoint to be reached with a crafted URL...

CVSS: 5.1, AI score: 5.3, EPSS: 0.00017
Exploits: 0, References: 3

Positive Technologies
added 5 days ago, 7 views

PT-2026-50568

Name of the Vulnerable Software and Affected Versions: Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0
Description: Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

CVSS: 1.9, AI score: 5.9, EPSS: 0.00046
Exploits: 0, References: 4