Malicious Package

Overview chainix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @tmecontinue/cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-37232

An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...

Linux Distros Unpatched Vulnerability : CVE-2026-45149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too...

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw to header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

CVE-2026-37232

OpenAirInterface5G 2.4.0 (nr-softmodem) E2SM-KPM RAN Function PRB utilization calculation (fill_RRU_PrbTotDl/Ul in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c) divides PRB difference by the previous total_prb_aggregate, missing a zero-check. If two consecutive samples are identical and a...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.ConvenioPagamentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

[SECURITY] Fedora 44 Update: netatalk-4.4.3-1.fc44

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...

CVE-2026-10156

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

SUSE CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

SUSE CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

Malicious Package

Overview @t-in-one/prefillbundledatatoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview @sber-ecom-core/sberpay-widget is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

Malicious Package

Overview @t-in-one/getapplicationhid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @t-in-one/sendaddapplication is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @t-in-one/restoreapplicationhidfromstorage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview @t-in-one/onlydifferencepayload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

Malicious Package

Overview @t-in-one/saveapplicationhidtostorage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview @t-in-one/addapplicationservicetoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...