269 matches found
GHSA-XJHV-PP2R-6F82 BoxLite has a Timeout Bypass Vulnerability
Summary BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
BoxLite has a Timeout Bypass Vulnerability
Summary BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
Malicious Package
Overview @service-suppliers/fetch-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @service-suppliers/fetch-initial-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious Package
Overview @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4436 Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3829c1a8be4ed51ad5c9d714d223cb037f7d76df868b73e63c69c6c60ff8dbf3 On npm install, scripts/postinstall.js fetches a platform-specific script from https://oob.moika.tech/payload/linux|mac|win, writes it to the OS temp...
[SECURITY] Fedora 42 Update: awatcher-0.3.3-2.fc42
A window activity and idle watcher...
[SECURITY] Fedora 43 Update: awatcher-0.3.3-2.fc43
A window activity and idle watcher...
[SECURITY] Fedora 44 Update: awatcher-0.3.3-2.fc44
A window activity and idle watcher...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, local-path-provisioner-fips, cilium-certgen-fips, k8s-metacollector-fips, fluxcd-kustomize-mutating-webhook-fips, malcontent, oras-fips, flux-source-controller, supercronic-fips, newrelic-k8s-metadata-injection-fips,...
GHSA-XJ38-JXC5-RPPX vulnerabilities
Vulnerabilities for packages: qemu-guesthelper, redka, cilium-cli, datadog-agent, gitaly-fips, elastic-agent, coredns-fips, buildkite-agent-fips, commercial-grafana, tekton-pipelines-fips, mattermost, argo-cd-fips, istio, prometheus, rke2-runtime-fips, cert-manager-fips, gitlab-kas-fips,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, local-path-provisioner-fips, cilium-certgen-fips, k8s-metacollector-fips, fluxcd-kustomize-mutating-webhook-fips, malcontent, oras-fips, flux-source-controller, supercronic-fips, newrelic-k8s-metadata-injection-fips,...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: qemu-guesthelper, redka, cilium-cli, datadog-agent, gitaly-fips, elastic-agent, coredns-fips, buildkite-agent-fips, commercial-grafana, tekton-pipelines-fips, mattermost, argo-cd-fips, istio, prometheus, rke2-runtime-fips, cert-manager-fips, gitlab-kas-fips,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: qemu-guesthelper, bom, cilium-cli, elastic-agent, kubevirt-cdi-uploadserver, mattermost, istio, prometheus, gitlab-kas-fips, newrelic-fluent-bit-output-fips, cilium-envoy, witness, cluster-autoscaler-fips, oras, kubevirt-cdi-uploadserver-fips, gitlab-pages, karpenter...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: qemu-guesthelper, bom, cilium-cli, elastic-agent, kubevirt-cdi-uploadserver, mattermost, istio, prometheus, gitlab-kas-fips, newrelic-fluent-bit-output-fips, cilium-envoy, witness, cluster-autoscaler-fips, oras, kubevirt-cdi-uploadserver-fips, gitlab-pages, karpenter...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: cluster-api-aws-controller-fips, qemu-guesthelper, bom, minio-object-browser, kor, step-fips, kubernetes-ingress-defaultbackend-fips, git-lfs-fips, knative-net-istio-fips, q, kyverno-policy-reporter-fips, actions-runner-controller-fips, cluster-api-provider-vsphere,...
CVE-2026-28674
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...
CVE-2026-28674
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...
CVE-2026-28674 xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution)
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...