Introducing Runtime Threat Detection for Google Cloud Run

Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...

Malicious code in okfe-serverless-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview okfe-serverless-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2646 Malicious code in okfe-serverless-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-14982

Astro: Unauthenticated Path Override via x-astro-path / xastropath...

CVE-2026-3992

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

CVE-2026-33768

Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...

EUVD-2026-12216

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

Serverless Express 安全漏洞

Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of the parameter userId in t...

CVE-2026-4171

CVE-2026-4171 affects CodeGenieApp serverless-express up to 4.17.1. The vulnerability involves the authorization of a TodoList.ts endpoint (examples/lambda-function-url/packages/api/models/TodoList.ts) where manipulating the userId bypasses authorization. It is exploitable remotely and has public...

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

PT-2026-25543

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

Build Serverless Functions with Zero Cold Starts: WebAssembly and Spin

...

EUVD-2026-11535

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...