MAL-2026-3138 Malicious code in robase-apis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in robase-apis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

oci-utils security update

-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...

MAL-2026-3104 Malicious code in robase-ui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

ROOT-OS-DEBIAN-13-CVE-2026-34743 CVE-2026-34743 in rootio-xz-utils - Patched by Root

Root has patched CVE-2026-34743 in the rootio-xz-utils package for Root:Debian:13. Multiple fixed versions available...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...

Unity Linux 20.1070e Security Update: xz (UTSA-2026-014304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014304 advisory. XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that...

Malicious code in @clearpool/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81591bb660ad3ae2036615d00a3ff6960ccd2f36789a4f0df65a53ea7a557336 package.json declares preinstall and install lifecycle hooks that collect installer-identifying data whoami, hostname, pwd, $npmpackagename,...

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

Malicious code in @tw-utils/static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8060c32aabe89eb22a82291f64a25a65a01040bd6aa838ea676e7f500a25f70d The package @tw-utils/static was found to contain malicious code. Source: ghsa-malware 60a80ead8b8afa898624fa960ac7edaf112ac7b55a89001fc4c066971c2c4c...

MAL-2026-3073 Malicious code in @tw-utils/static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8060c32aabe89eb22a82291f64a25a65a01040bd6aa838ea676e7f500a25f70d The package @tw-utils/static was found to contain malicious code. Source: ghsa-malware 60a80ead8b8afa898624fa960ac7edaf112ac7b55a89001fc4c066971c2c4c...

CLSA-2026-1777038119 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030 fix zip slip via canonical path check in Expand...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils

Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...

Malicious code in wrapped-logger-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe112208d0bcdd21ccfe23bb9c5658a1be2eebaf37068032ea67bb9f93559a9c The package wrapped-logger-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3027 Malicious code in wrapped-logger-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe112208d0bcdd21ccfe23bb9c5658a1be2eebaf37068032ea67bb9f93559a9c The package wrapped-logger-utils was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview wrapped-logger-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Security Bulletin: Due to use of plexus-utils-3.5.1.jar, IBM Sterling Connect:Direct Web Services is affected by Directory Traversal issue.

Summary plexus-utils-3.5.1.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before...