BoxLite has a Timeout Bypass Vulnerability
Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
GHSA-XJHV-PP2R-6F82 BoxLite has a Timeout Bypass Vulnerability
Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
Malicious Package
Overview: @service-suppliers/fetch-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @service-suppliers/fetch-initial-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
Source: ghsa-malware (e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4436 Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)
Source: amazon-inspector (3829c1a8be4ed51ad5c9d714d223cb037f7d76df868b73e63c69c6c60ff8dbf3). On npm install, scripts/postinstall.js fetches a platform-specific script from https://oob.moika.tech/payload/linux|mac|win, writes it to the OS temp...
[SECURITY] Fedora 42 Update: awatcher-0.3.3-2.fc42
A window activity and idle watcher...
[SECURITY] Fedora 43 Update: awatcher-0.3.3-2.fc43
A window activity and idle watcher...
[SECURITY] Fedora 44 Update: awatcher-0.3.3-2.fc44
A window activity and idle watcher...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: omnibump, dataplaneapi, rabbitmq-messaging-topology-operator, dapr-fips, flux-source-controller-fips, sealed-secrets-fips, pluto-fips, cilium-fips, aws-eks-pod-identity-agent-fips, fluxcd-kustomize-mutating-webhook, listmonk, aws-privateca-issuer,...
GHSA-XJ38-JXC5-RPPX vulnerabilities
Vulnerabilities for packages: calico, fscrypt, coredns, tekton-pipelines, knative-serving, opentofu, libnvidia-container, azurefile-csi-fips, buildkite-agent-fips, nerdctl, cilium-fips, k8s-device-plugin, terraform, gitaly, kube-arangodb, dask-gateway, cloud-provider-azure-fips,...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: calico, fscrypt, coredns, tekton-pipelines, knative-serving, opentofu, libnvidia-container, azurefile-csi-fips, buildkite-agent-fips, nerdctl, cilium-fips, k8s-device-plugin, terraform, gitaly, kube-arangodb, dask-gateway, cloud-provider-azure-fips,...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: omnibump, dataplaneapi, rabbitmq-messaging-topology-operator, dapr-fips, flux-source-controller-fips, sealed-secrets-fips, pluto-fips, cilium-fips, aws-eks-pod-identity-agent-fips, fluxcd-kustomize-mutating-webhook, listmonk, aws-privateca-issuer,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, task, kubernetes-csi-driver-nfs-fips, fscrypt, libnvidia-container, helm-set-status, newrelic-infrastructure-agent, nerdctl, gitaly, pulumi-language-yaml, kargo, tekton-chains-fips, dask-gateway, docker-compose-fips, buildah, kube-fluentd-operato...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, task, kubernetes-csi-driver-nfs-fips, fscrypt, libnvidia-container, helm-set-status, newrelic-infrastructure-agent, nerdctl, gitaly, pulumi-language-yaml, kargo, tekton-chains-fips, dask-gateway, docker-compose-fips, buildah, kube-fluentd-operato...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, pgpool2exporter, verticadb-operator-fips, task, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-wafv2-fips, goose, kubernetes-csi-driver-nfs-fips, dex-k8s-authenticator, cadence, databricks-cli-fips, fscrypt, libnvidia-container,...
CVE-2026-28674
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...
EUVD-2026-12702
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...