716 matches found
CVE-2026-33467
Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...
CVE-2026-44088
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...
EUVD-2022-55996
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...
CVE-2022-4992
CVE-2022-4992 affects Dräger Infinity Acute Care System and Standalone Infinity M540, VG4.1.1, VG4.0.3 and lower (VG4.2 partially affected). The issue is a network message handling vulnerability that lets remote attackers inject spoofed/tampered data to cause denial-of-service, potentially modify...
MAL-2026-5135 Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5147 Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5134 Malicious code in @redhat-cloud-services/config-manager-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @vino.tian/vibe-kanban (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...
PT-2026-42665
Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.13.0 Description samlify is a Node.js library for SAML single sign-on. The template substitution mechanism only escapes attribute contexts, meaning values inserted into element text, such as , are not escaped. This...
Malicious code in rdflib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9a536a077e23bda8e10a55aa1177de28f4f5a8622e08914eeab437e8036940 package.json for this release declares two runtime dependencies — "package-lock.json": "^1.0.0" and "package.json": "^2.0.1" — inside the dependencie...
MAL-2026-4659 Malicious code in rdflib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9a536a077e23bda8e10a55aa1177de28f4f5a8622e08914eeab437e8036940 package.json for this release declares two runtime dependencies — "package-lock.json": "^1.0.0" and "package.json": "^2.0.1" — inside the dependencie...
Malicious code in @antv/g (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...