MAL-2026-2414 Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

Malicious code in @cloudsop/hmoment (npm)

Malicious package due to suspicious install script attempting to require the current directory and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad95ef51ef99f49ca08b99a81d6a18ecb75dafb1dad2afc2bca687f221ef95dc The package...

Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

MAL-2026-2407 Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

MAL-2026-2406 Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple evidences suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

MAL-2026-2413 Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

EUVD-2026-14738

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

SourceCodester Online Catering Reservation SQL注入漏洞

SourceCodester Online Catering Reservation is an open-source online catering reservation system developed by SourceCodester. Version 1.0 of SourceCodester Online Catering Reservation has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...

PT-2026-27305

Name of the Vulnerable Software and Affected Versions SourceCodester Online Library Management System version 1.0 Description A SQL injection issue exists in SourceCodester Online Library Management System version 1.0. Manipulating the searchField argument in a function within the /home.php file ...

Bootstrapy CMS SQL注入漏洞

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

MATRI4WEB Matrimony Website Script M-Plus SQL注入漏洞

MATRI4WEB Matrimony Website Script M-Plus is a website scripting system developed by the Indian company MATRI4WEB. It is used to create dating platforms and manage member profiles as well as matching functions. The MATRI4WEB Matrimony Website Script M-Plus has a SQL injection vulnerability. This...

PT-2026-27506

NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

NVIDIA Megatron-LM 代码问题漏洞

NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has code vulnerabilities; these vulnerabilities stem from remote code...

PT-2026-27373

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

PT-2026-27584

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.4 iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 macOS Tahoe versions prior to 26.4 visionOS versions prior to 26.4 Description A logic issue exists due to improved state management. A malicious websit...

PT-2026-27623

Name of the Vulnerable Software and Affected Versions Authelia versions 4.39.15 Description Authelia is an open-source authentication and authorization server. An attacker may potentially be able to inject javascript into the Authelia login page if specific conditions are met, including...