620 matches found
EUVD-2026-38436
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...
CVE-2026-11745
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...
Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
MAL-2026-6245 Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-6083 Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
EUVD-2026-37785
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...
Malicious code in scan-only (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...
Mlflow <2.9.2 - Path Traversal
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...
MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...
Malicious code in houzidawang807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...
MAL-2026-5732 Malicious code in houzidawang808 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...
Malicious code in internallib_v984 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...
MAL-2026-5641 Malicious code in goreleaser-run (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...
EUVD-2026-35982
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
MAL-2026-5360 Malicious code in wallet-sdk-9 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Campaign now...
Malicious code in ethereum-kit-9 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Campaign now...
Malicious code in crypto-utils-7 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...
Malicious code in ethereum-kit-1 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...