Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

MAL-2026-6239 Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

MAL-2026-6242 Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2026-26171...

GumVulns

GumVulns A single-file PHP CLI that searches many vulnerabi...

Web-Security-Audit-Skill

--- Features - Multi-language support: Automatic identi...

flowise-mcp-env-case-bypass-poc

Flowise 3.1.2 Custom MCP Environment Variable Case Bypass PoC...

SUSE-SU-2026:22197-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

SUSE-SU-2026:22195-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

SUSE-SU-2026:22196-1 Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

Improper Request Routing

http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...

Malicious code in yian666aikf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...

MAL-2026-6234 Malicious code in yian666aikf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...

Malicious code in yianzzkf6687 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9 On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...

MAL-2026-6235 Malicious code in yianzzkf6687 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9 On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

SUSE CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text - and the related file-resolution and database-commit...

SUSE CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...