MINI-6HJ7-WW87-X9H4

Bulletin has no description...

Malicious code in safe-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd0e257c2958e16d803f002f996ebb83aae4ecc32bf71320bf985b936996e634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cmux-agent-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 892743bdf6e4dc3af96fb8fd33e721f63e0984f0132a5728facc785dcc31d919 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3546 Malicious code in @uipath/functions-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d291bc0b76606fe49b04635cbf60f335fc04ae35054cb6b9125f0a33ca9b32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3545 Malicious code in @uipath/flow-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8016b3433ca7e37f6e4ac3a263a05fd7ba16ce1f652615018abffe280623d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2026-29366

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

MAL-2026-3538 Malicious code in @uipath/codedagents-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7321b8eb18854f6e785ee2862e6f977f0e45ab2cfda39b5c05a3ca23a704a15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3535 Malicious code in @uipath/case-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66eb0255d40992fc638ffb18c027abb448bdd26f8982781cf0f7da3be7b6910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3533 Malicious code in @uipath/apollo-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef4195af9b94b5185e9243c35beefab6d9cf593b7b51e5de55aa5289336ff5f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3532 Malicious code in @uipath/apollo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-7256

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to execute operating system OS commands on a vulnerable device by sending a crafted HTTP request...

MAL-2026-3529 Malicious code in @uipath/ap-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6d4c7f3eabf1340aaa24999b51cf54be1d4a7fd243a48907a409c3ba2a6309e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-34259

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

MAL-2026-3524 Malicious code in @uipath/admin-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c7b3c6e3a941ca923642922773e148ac450c414f24a26637f0a048be65827e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tolka/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 690527fdde65817c5fb47eeae87927130e678a6255b461b2ebfa6c0881be570f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @taskflow-corp/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e305906fa9a2ce7ccc0318baa5c5d7cd13bd021623fec9701e1841d92ab00e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-40135

This CVE concerns SAP NetWeaver Application Server for ABAP and ABAP Platform. An OS Command Injection allows an authenticated attacker with administrative privileges to execute arbitrary shell commands on the server, bypassing the logging mechanism and potentially impacting integrity and availab...

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

Malicious code in @tallyui/database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d7af140ba49fc46f93bc668a317637f07fe952aa72fa5aaa3c3f16939d221ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...