Malicious code in sfx-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...

MAL-2026-2801 Malicious code in sfx-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...

sfx (=0.1.0) potentially affected by CVE-2026-34589 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34589 Source advisory: OSV:GHSA-P8XC-W3Q4-H64X...

sfx (=0.1.0) potentially affected by CVE-2026-34589 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34589 Source advisory: SNYK:PYTHON-OPENEXR-15993179...

sfx (=0.1.0) potentially affected by CVE-2026-34588 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34588 Source advisory: SNYK:PYTHON-OPENEXR-15993130...

sfx (=0.1.0) potentially affected by CVE-2026-34588 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34588 Source advisory: OSV:GHSA-588R-CR5C-W6HF...

sfx (=0.1.0) potentially affected by CVE-2025-64183 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2025-64183 Source advisory: OSV:GHSA-57CW-J6VP-2P9M...

sfx (=0.1.0) potentially affected by CVE-2026-34378 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34378 Source advisory: SNYK:PYTHON-OPENEXR-15993306...

sfx (=0.1.0) potentially affected by CVE-2026-34379 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...

sfx (=0.1.0) potentially affected by CVE-2026-34380 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34380 Source advisory: SNYK:PYTHON-OPENEXR-15993236...

sfx (=0.1.0) potentially affected by CVE-2026-34543 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34543 Source advisory: OSV:GHSA-VC68-257W-M432...

sfx (=0.1.0) potentially affected by CVE-2026-34544 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...

Malicious Package

Overview sfx-event-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in sfx-event-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ed3495e868bcd1db85182332d575437978593cda12ceca6ab4acf1c4b28accf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2099 Malicious code in sfx-event-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ed3495e868bcd1db85182332d575437978593cda12ceca6ab4acf1c4b28accf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

EUVD-2026-9374

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

EUVD-2026-9370

An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...

CVE-2026-29120

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...