64 matches found

Snyk
added 2026/05/26 12:15 p.m., 6 views

Malicious Package

Overview: @izumiswap/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

Cvelist
added 2026/05/11 4:4 p.m., 25 views

CVE-2026-33362 Meari SDK hardcoded cryptographic keys

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

CVSS 8.6, EPSS 0.00042
Exploits 0, References 2

Vulnrichment
added 2026/05/04 6:41 p.m., 4 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

CVSS 4.8, AI score 5.7, EPSS 0.00014
Exploits 0, References 1

Positive Technologies
added 2026/04/22 12:0 a.m., 2 views

PT-2026-34552

CVE-2026-30623 vulnerability via Anthropic's MCP SDK has been fixed since v1.83.6-nightly. Please refer to our blog post for more details. https://t.co/ImGk2mGYug...

AI score 5.7
Exploits 0, References 5

Akamai Blog
added 2026/03/27 1:0 p.m., 4 views

The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks

...

AI score 5.8
Exploits 0

Cvelist
added 2026/02/27 12:0 a.m., 16 views

CVE-2026-26861

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

EPSS 0.00009
Exploits 1, References 3

Cvelist
added 2026/02/25 3:17 p.m., 19 views

CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (dart pub and flutter pub) extracts a package in the pub cache, a malicious package archive can...

CVSS 8.7, EPSS 0.00071
Exploits 0, References 2

CVE
added 2026/02/17 7:52 p.m., 9 views

CVE-2025-27898

CVE-2025-27898 is supported by connected documentation: IBM Db2 Recovery Expert for Linux, UNIX and Windows (DB2 Recovery Expert LUW) versions affected include 5.5 with IF 2. The bulletin states the vulnerability arises from the product not invalidating a session after a timeout, which could allo...

CVSS 6.3, AI score 5.5, EPSS 0.00053
Exploits 0, References 1, Affected Software 1

OSSF Malicious Packages
added 2026/01/19 12:59 a.m., 3 views

Malicious code in internal-company-sdk (npm)

Source: amazon-inspector fa8dfa7267565b0ac4a94eb2d7fda38475a0ff412b196f5bdc842e73f9671455 The package internal-company-sdk was found to contain malicious code. Source: ghsa-malware...

AI score 5.5
Exploits 0, References 1

EUVD
added 2026/01/19 12:59 a.m., 2 views

EUVD-2026-3262

Malicious code in internal-company-sdk (npm)...

AI score 5.5
Exploits 0, References 1

RedhatCVE
added 2026/01/09 8:45 a.m., 2 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

CVSS 9.2, AI score 7.2, EPSS 0.00025
Exploits 0, References 1

EUVD
added 2025/12/09 5:41 p.m., 3 views

EUVD-2025-202262

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8, AI score 7.1, EPSS 0.00027
Exploits 4, References 2

CVE
added 2025/12/09 5:41 p.m., 14 views

CVE-2025-64783

CVE-2025-64783 affects Adobe DNG SDK versions 1.7.0 and earlier, due to an Integer Overflow or Wraparound that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Public material in connected sources describes proofs ...

CVSS 7.8, AI score 7.3, EPSS 0.00027
Exploits 4, References 1, Affected Software 1

RedhatCVE
added 2025/11/12 6:57 p.m., 2 views

CVE-2025-61830

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install...

CVSS 7.1, AI score 6.5, EPSS 0.00037
Exploits 0, References 1

EUVD
added 2025/11/11 9:30 p.m., 3 views

EUVD-2025-93390

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install...

CVSS 7.1, AI score 6, EPSS 0.00037
Exploits 0, References 2

CVE
added 2025/11/11 6:28 p.m., 7 views

CVE-2025-61830

Adobe Pass (Android SDK) versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability that allows bypass of security controls to read/write data. Exploitation requires user interaction (victim installs a malicious SDK). The issue is discussed across multiple advisories (CVE...

CVSS 7.1, AI score 6.1, EPSS 0.00037
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-55011

Malicious code in bioql (PyPI)...

CVSS 9.8, AI score 6.8, EPSS 0.02493
Exploits 1, References 3

RedhatCVE
added 2025/09/14 12:10 a.m., 3 views

CVE-2024-45432

OpenSynergy BlueSDK aka Blue SDK through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpected behavior or obtain sensitive informatio...

CVSS 7.5, AI score 6.7, EPSS 0.00097
Exploits 1, References 1

NVD
added 2025/09/12 5:15 p.m., 2 views

CVE-2024-45434

OpenSynergy BlueSDK aka Blue SDK through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object aka use after free. An attacker can leverage this to...

CVSS 9.8, EPSS 0.02493
Exploits 1, References 2

CVE
added 2025/09/12 12:0 a.m., 15 views

CVE-2024-45433

OpenSynergy BlueSDK Bluetooth stack (BlueSDK) up to version 6.x is affected by an Incorrect Control Flow Scoping flaw. The root cause is improper handling of exceptional conditions and lack of proper return control flow after detecting an unusual state, enabling bypass of security validation and ...

CVSS 6.5, AI score 6.7, EPSS 0.00031
Exploits 1, References 2, Affected Software 1