SUSE: Security Advisory (SUSE-SU-2026:20997-1)
The remote host is missing an update for the...
GHSA-C7PH-F7JM-XV4W rPGP's integrity protection of encrypted data was not always checked
Summary: For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details: When decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid...
Malicious Package
Overview: baileys-ud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
PT-2026-3252
Name of the Vulnerable Software and Affected Versions: ConnectWise PSA versions prior to 2026.1. Description: Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...
EUVD-2026-1134
Malicious code in eslint-supertest (npm)...
EUVD-2025-198319
hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
EUVD-2025-142362
Malicious code in diva-banubo-imani (npm)...
Malicious code in rival-poke88 (npm)
Source: amazon-inspector ba5e0e43b9b4153ba214d06e01a54717dc8127ca7a763f82bfabbadd2bf4a2dc. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rehype-testcafe-iota-sails (npm)
Source: amazon-inspector e7d5a0ef86d9d1e26796efa729b64cfdfbf09a3a2a2669f32d1e01e0b38ee963. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-120141
Malicious code in yaml-gatsby-yildun-less (npm)...
EUVD-2025-104830
Malicious code in hadianto-lumpur12-breki (npm)...
EUVD-2025-62420
Malicious code in quainttarantulaz3n (npm)...
EUVD-2025-53666
Malicious code in irrelevant-coffee-earthworm (npm)...
EUVD-2025-40308
Malicious code in budi-telur21-sluey (npm)...
Malicious Package
Overview: cypress-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack
Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI...
Malicious Package
Overview: redirect-95fl17 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in eslint-plugin-react-discord (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 862a652a5e78f22218ea31a4ff588865d928d6ffaab7d8be046b8430511288c0. Any computer that has this package installed or running should be considered...
EUVD-2020-3083
Malware in sbrugna...