95 matches found

Vulnrichment
added 3 days ago, 5 views

CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain; when opened by the user, these could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2 CVSS, 5.6 AI score, 0.0003 EPSS
Exploits: 0, References: 2
Cvelist
added 3 days ago, 33 views

CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain; when opened by the user, these could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2 CVSS, 0.0003 EPSS
Exploits: 0, References: 2
OSV
added 2026/06/01 7:40 a.m., 4 views

MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1 AI score
Exploits: 0, References: 4
Cloud Foundry
added 2026/06/01 12:0 a.m., 3 views

CVE-2026-41860 - Missing tls-verify on bosh-monitor | Cloud Foundry

Severity: High. CVSS Score: High 7.1. CVSSv4: High 7.1, CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H. CVSSv3: High 8.8, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Vendor: Cloud Foundry Foundation / BOSH. Versions Affected: Severity is High unless otherwise noted. BOSH – All versions prior to...

8.8 CVSS, 5.8 AI score, 0.00005 EPSS
Exploits: 0
OSSF Malicious Packages
added 2026/05/19 12:0 a.m., 9 views

Malicious code in @antv/f6-ui (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 5
Positive Technologies
added 2026/04/29 12:0 a.m., 3 views

PT-2026-36905

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: An unauthenticated attacker can register a malicious MCP OAuth client using a crafted client name. If a victim user authorizes the OAuth conse...

9.6 CVSS, 5.9 AI score, 0.00115 EPSS
Exploits: 0, References: 11
CNNVD
added 2026/04/28 12:0 a.m., 5 views

OpenClaw security vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to read arbitrary host files, thereby stealing sensitive credentials and accessing critical data...

6 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 0, References: 1
CNVD
added 2026/04/28 12:0 a.m., 5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19030)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to read arbitrary host files, thereby stealing sensitive credentials and accessing critical data...

6 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 0
HackRead
added 2026/04/08 4:18 p.m., 3 views

Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign

Operation Masquerade: The FBI and DoJ disrupted a Russian GRU campaign that hijacked routers via DNS attacks to spy on users and steal credentials...

5.9 AI score
Exploits: 0
OSV
added 2026/02/19 12:0 p.m., 4 views

RUSTSEC-2026-0014 `rpc-check` was removed from crates.io for malicious code

It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...

5.5 AI score
Exploits: 0, References: 2
NVD
added 2026/02/04 5:16 p.m., 2 views

CVE-2026-25052

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical...

9.9 CVSS, 0.00022 EPSS
Exploits: 0, References: 1
RustSec
added 2025/12/09 12:0 p.m., 4 views

`finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

5.5 AI score
Exploits: 0
Snyk
added 2025/11/24 4:24 p.m., 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
OSV
added 2025/11/24 3:1 p.m., 3 views

MAL-2025-190818 Malicious code in @markvivanco/app-version-checker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb3390637a7e3c1122d5f1f2417189358dec13936938bd997c1bf5949c1bb8dc The package @markvivanco/app-version-checker was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4
OSV
added 2025/11/24 2:20 p.m., 2 views

MAL-2025-190706 Malicious code in @actbase/css-to-react-native-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bb30e7704436db9e7ac671839931de450cdcde7408b8c151337c6958433836 The package @actbase/css-to-react-native-transform was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4
OSV
added 2025/11/24 1:38 p.m., 2 views

MAL-2025-190757 Malicious code in @seung-ju/react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4adf0b1f6ebc35246707044936c68dfe237eb92c6e65e24e87383fcfb2dbe55f The package @seung-ju/react-hooks was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-25329

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00166 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-3325

Malware in sbrugna...

5.8 CVSS, 6.4 AI score, 0.00661 EPSS
Exploits: 0, References: 7
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-0257

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.02512 EPSS
Exploits: 1, References: 8
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-31494

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits: 0, References: 2