2014 matches found
CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
Astra Linux - уязвимость в tiff
A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...
MetaBackdoor: Exploiting Positional Encoding As a Backdoor Attack Surface in LLMs
Backdoor attacks pose a serious security threat to large language models LLMs, which are increasingly deployed as general-purpose assistants in safety- and privacy-critical applications. Existing LLM backdoors rely primarily on content-based triggers, requiring explicit modification of the input...
Malicious Package
Overview partner-tracker-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2135 Malicious code in yelp-react-component-photo-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...
WAVE
...
CVE-2018-19367
Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...
Exploring the Security Threats of Retriever Backdoors in Retrieval-Augmented Code Generation
Retrieval-Augmented Code Generation RACG is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic exploration of a critical and stealthy threat: backdoor attacks...
MAL-2025-192887 Malicious code in workvivo-chatbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc The package workvivo-chatbot was found to contain malicious code...
Malicious code in gemini-postgres-rehype-sagitta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 835234f600dc962131b0c036e7163ad52a55b2eff7514f87441427dbc9a88dae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136698
Malicious code in inda-fodija-gif npm...
EUVD-2025-137006
Malicious code in riya-6 npm...
EUVD-2025-141822
Malicious code in goodain-nusiautua-nutgai npm...
EUVD-2025-143577
Malicious code in affri-zidan-tea npm...
Malicious code in buta-fna-nafifagffa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9da2dd6c6cb78147341ec673f44ba1a717165addc42f09fcdaef038cbb166399 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139570
Malicious code in nuilva-bavam-madivabunav npm...
MAL-2025-174718 Malicious code in hitachi-poke76 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee1589c775b2354d8d3929cdc5e1ad3ef21232defe0c75bc1f69fbee8455e9fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-146135
Malicious code in adrianoalves npm...
MAL-2025-171631 Malicious code in nasirqadir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1485b8466baacf5f808a74021df6792658a5c0e536ed3f28fe571816771a6f3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indukhanna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbef1091f78360e62ada3fe8216bbe3c926ba09e0dfe68ac845be38ffc298c17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...