
107 matches found

OSSF Malicious Packages
added 2026/06/15 3:9 p.m. | 7 views

Malicious code in vaults-monitor-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...

AI score 5.3
Exploits 0 | References 1
The Hacker News
added 2026/06/05 6:5 p.m. | 16 views

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer...

AI score 6.1
Exploits 0
The Hacker News
added 2026/06/02 3:55 a.m. | 46 views

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack agains...

AI score 5.9
Exploits 0
NVD
added 2026/05/22 4:16 p.m. | 8 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

CVSS 4.3 | EPSS 0.00152
Exploits 0 | References 1
EUVD
added 2026/04/28 1:11 p.m. | 1 views

EUVD-2026-26049

Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request...

CVSS 6.5 | AI score 5.2 | EPSS 0.00201
Exploits 0 | References 1
CVE
added 2026/04/28 1:11 p.m. | 8 views

CVE-2026-6706

CVE-2026-6706 involves an improper access control flaw in the vault documentation feature of Devolutions Server up to 2026.1.14.0. An authenticated attacker can read documentation content from unauthorized vaults via a crafted API request. Affected component: vault documentation feature; root cau...

CVSS 6.5 | AI score 5.2 | EPSS 0.00201
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/04/28 1:11 p.m. | 30 views

CVE-2026-6706

Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...

EPSS 0.00201
Exploits 0 | References 1
ATTACKERKB
added 2026/04/28 1:11 p.m. | 2 views

CVE-2026-6706

Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...

CVSS 6.5 | AI score 5.2 | EPSS 0.00201
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 5 views

PT-2026-35724

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions prior to 2026.1.14.1. Description: Improper access control in the vault documentation feature allows an authenticated attacker to read documentation content from unauthorized vaults by sending a crafted API request...

CVSS 6.5 | AI score 5.8 | EPSS 0.00201
Exploits 0 | References 4
Chainguard
added 2026/04/03 7:17 p.m. | 8 views

CVE-2026-34986 vulnerabilities

Vulnerabilities for packages: trivy-operator, skopeo, flux-source-controller, grpc-health-probe-fips, frankenphp-8.5, crossplane-provider-gcp, seaweedfs-operator-fips, terraform-provider-acme, spire-server, weaviate, gitlab-cng-fips, agentbeat-fips, oauth2-proxy-fips, hydra, cosign-fips, packer,...

CVSS 7.5 | AI score 7.3 | EPSS 0.00274
Exploits 0
Snyk
added 2026/03/25 10:5 p.m. | 3 views

Incorrect Authorization

Overview: n8n is a n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Incorrect Authorization when saving credentials. An authenticated user can access plaintext values of secrets stored in external vaults by referencing a secret's external name in a credential,...

CVSS 7.3 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 2
Positive Technologies
added 2026/03/20 12:0 a.m. | 6 views

PT-2026-26659

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism...

CVSS 7.6 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 4
RedhatCVE
added 2026/03/05 1:57 a.m. | 5 views

CVE-2026-2590

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

CVSS 9.8 | AI score 5.9 | EPSS 0.00421
Exploits 0 | References 1
ATTACKERKB
added 2026/03/04 9:32 p.m. | 4 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6 | AI score 5.9 | EPSS 0.00242
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/03/04 12:0 a.m. | 4 views

Vaultwarden Security Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.34.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass two-factor authentication when performing protected...

CVSS 6 | AI score 5.9 | EPSS 0.00242
Exploits 1 | References 2
CVE
added 2026/03/03 9:22 p.m. | 15 views

CVE-2026-2590

CVE-2026-2590 affects Devolutions Remote Desktop Manager up to version 2025.3.30. The issue is improper enforcement of the Disable password saving in vaults setting in the connection entry component, allowing an authenticated user to persist credentials in vault entries by creating or editing cer...

CVSS 9.8 | AI score 5.9 | EPSS 0.00421
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/03/03 9:22 p.m. | 20 views

CVE-2026-2590

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

EPSS 0.00421
Exploits 0 | References 1
Chainguard
added 2026/02/28 7:17 p.m. | 5 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: trivy-operator, ceph-csi-operator-fips, crossplane-provider-gcp, cortex-fips, spire-server, otel-cli, gatekeeper, weaviate, secrets-store-csi-driver-provider-gcp, gitlab-cng-fips, kapp-controller, azure-workload-identity-webhook, hydra,...

AI score 5.8
Exploits 0
Wolfi
added 2026/01/28 7:48 p.m. | 4 views

CVE-2025-11065 vulnerabilities

Vulnerabilities for packages: kyverno, datadog-agent, gitlab-runner, jitsucom-bulker, bank-vaults...

CVSS 5.3 | AI score 5.8 | EPSS 0.00357
Exploits 0
Chainguard
added 2026/01/28 7:17 p.m. | 8 views

CVE-2025-11065 vulnerabilities

Vulnerabilities for packages: datadog-agent, datadog-agent-fips, ratify-fips, crossplane-fips, gitlab-runner, istio-fips, mattermost-fips, docker-compose-fips, gitlab-cng-fips, bank-vaults, beats-fips, gitlab-runner-fips, beats, elastic-agent-fips, kyverno, boring-registry-fips, tkn-fips,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00357
Exploits 0