531 matches found
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization vulnerability caused by a lack of access control in the web management interface, letting remote attackers access sensitive URLs. Exploitation requires no authentication. id: CVE-2021-27858 info: name:...
Exploit for CVE-2026-54686
CVE-2026-54686: Warp Remote SSH Command Injection PoC Desc...
MAL-2026-5724 Malicious code in warp-dependency (npm)
Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...
Malicious code in warp-dependency (npm)
Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...
DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection
This Python script implements a static inspection tool for Digital Negative (DNG) files by parsing the TIFF-based header and analyzing Image File Directory (IFD) entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...
Exploit for CVE-2026-48732
CVE-2026-48732: Warp Remote SSH cwd Command Injection PoC...
PT-2026-48391
Found a command injection in Warp CVE-2026-48719 A crafted Git branch name runs in the victim's shell when selected in the prompt branch selector. Responsibly disclosed and now patched. Update @warpdotdev to stay safe. https://t.co/j16vvGrYLa...
PT-2026-48373
CVE-2026-48703 Warp Agent: Code Search Command Injection via Grep and FileGlob https://t.co/Li4h31dQjZ...
MAL-2026-4727 Malicious code in weavedb-warp-contracts-plugin-deploy (npm)
Source: amazon-inspector a98f87e329831590a7416ca47a949a7b21cf8e948491e875d8359ca8d5cc5959 package.json declares "preinstall": "./tools/setup", which is a 976 KB Linux x86_64 ELF binary shipped in the tarball with no source, no build system,...
Malicious code in warp-contracts-plugin-deploy-test (npm)
Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...
MAL-2026-4712 Malicious code in warp-contracts-plugin-deploy-test (npm)
Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...
Astra Linux – Vulnerability in xorg-server
A use-after-free flaw was detected in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is moved from one screen’s window to the root window of another screen, a...
Samsung QuramDng Warp Out-Of-Bounds Read
This Python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung's QuramDng image processing library, triggered via a specially crafted DNG (Digital Negative) file. The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode,...
CVE-2024-41997
An issue was discovered in versions of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...
Exploit for CVE-2024-41997
Warp Terminal RCE CVE-2024-41997 Command injection via unsa...
Malicious code in cors-warp-farout-testcafe (npm)
Source: amazon-inspector c13b58f1af8bf82671c841b76a10d8e68246dcd60737603893aef17271bd3c2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in parallax-janus-deimos-warp (npm)
Source: amazon-inspector 36fa586f7c683f8a681203065dcb93883653d448d623e0860603acbcf21c0ee6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175657
Malicious code in warp-boson-callback-supercluster npm...
Malicious code in oscillation-leda-warp-framework (npm)
Source: amazon-inspector b4034a7c18a9c9766f734ef16d4eadac9e3d3574d8910068cacc02e37e741318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in deneb-warp-nucleosynthesis-lepton (npm)
Source: amazon-inspector 9e70719cc700229a9dd67dc10f095ef7a077cd2994062c4934645d61f181e602 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...