
761 matches found

OSV
added 2 days ago, 5 views

MAL-2026-6525 Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8 AI score
Exploits: 0, References: 5

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8 AI score
Exploits: 0, References: 5

RedhatCVE
added 2 days ago, 5 views

CVE-2026-53277

A flaw was found in the Kernel-based Virtual Machine (KVM) component of the Linux kernel on arm64 architectures. This vulnerability occurs because certain page table walk operations, used in fault injection and Address Translation (AT) emulation, do not properly acquire a Sleepable Read-Copy Update...

8.8 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 4

EUVD
added 3 days ago, 5 views

EUVD-2026-39146

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8 CVSS, 6.5 AI score, 0.00689 EPSS
Exploits: 0, References: 3

CVE
added 4 days ago, 6 views

CVE-2026-52969

In the provided documents, CVE-2026-52969 affects the Linux kernel KVM path for dirty-page tracking. The vulnerability arises in kvm_reset_dirty_gfn(), where an unchecked 64-bit offset can wrap and bypass the range check, allowing a mismatch between slot/offset data and the gfn bounds via the MAP...

5.7 AI score, 0.00189 EPSS
Exploits: 0, References: 7

OSSF Malicious Packages
added 5 days ago, 6 views

Malicious code in ts-grok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a981e7e3ba27d859a2c536cbc25c04ebece92e1992035226ea9246d8bd381f1d Package ts-grok ships a verbatim copy of big.js v7.0.1 same banner, author 'Michael Mclaughlin', repository URL https://github.com/MikeMcl/big.js.git...

5.8 AI score
Exploits: 0, References: 2

OSV
added 5 days ago, 3 views

MAL-2026-6321 Malicious code in ts-grok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a981e7e3ba27d859a2c536cbc25c04ebece92e1992035226ea9246d8bd381f1d Package ts-grok ships a verbatim copy of big.js v7.0.1 same banner, author 'Michael Mclaughlin', repository URL https://github.com/MikeMcl/big.js.git...

5.8 AI score
Exploits: 0, References: 2

NVD
added 6 days ago, 17 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1 CVSS, 0.00177 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 6 days ago, 4 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1 CVSS, 5.9 AI score, 0.00177 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 6 days ago, 30 views

CVE-2026-50146 Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1 CVSS, 0.00177 EPSS
Exploits: 1, References: 1

CVE
added 6 days ago, 12 views

CVE-2026-50146

CVE-2026-50146 affects the Astro web framework prior to 6.3.3. When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, re...

7.1 CVSS, 5.9 AI score, 0.00177 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2026/06/20 4:17 p.m., 9 views

CVE-2026-56282

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9 CVSS, 0.00239 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/20 3:24 p.m., 28 views

CVE-2026-56282 Capgo - Information Disclosure via Unauthenticated /replication Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9 CVSS, 0.00239 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/20 3:24 p.m., 7 views

EUVD-2026-38120

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/20 3:24 p.m., 5 views

CVE-2026-56282

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits: 0, References: 3

CVE
added 2026/06/20 3:24 p.m., 16 views

CVE-2026-56282

Capgo before 12.128.2 has an information-disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry (e.g., replication slot names, confirmed_flush_lsn, restart_lsn) and database error messages. Access to this endpoint does not requ...

6.9 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/20 3:21 p.m., 26 views

CVE-2026-56317 Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3 CVSS, 0.00209 EPSS
Exploits: 0, References: 4

EUVD
added 2026/06/20 3:21 p.m., 7 views

EUVD-2026-38112

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3 CVSS, 5.7 AI score, 0.00209 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/06/20 12:0 a.m., 12 views

PT-2026-51143

Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 4.4.7; Nuxt versions prior to 3.21.7. Description: A cross-site scripting issue exists in the NoScript component, which writes slot content to innerHTML without proper escaping. This allows attackers to inject malicious...

6.1 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 0, References: 12

Positive Technologies
added 2026/06/20 12:0 a.m., 13 views

PT-2026-51152

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...

6.9 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits: 0, References: 9