Malicious code in swift-parse-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8561c6c561b045d817d4fab3aa0754ce7cd767a3c5ec07b95151dda6b92c8 swift-parse-stream advertises itself as an SVG sanitizer/minifier but ships an undocumented getPlugin export in index.js that, when invoked, performs...

MAL-2026-6066 Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

EUVD-2026-31124

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...