263 matches found
GHSA-XJHV-PP2R-6F82 BoxLite has a Timeout Bypass Vulnerability
Summary BoxLite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
Source: ghsa-malware (e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @service-suppliers/fetch-initial-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious Package
Overview @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @service-suppliers/fetch-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
MAL-2026-4436 Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)
Source: amazon-inspector (3829c1a8be4ed51ad5c9d714d223cb037f7d76df868b73e63c69c6c60ff8dbf3). On npm install, scripts/postinstall.js fetches a platform-specific script from https://oob.moika.tech/payload/linux|mac|win, writes it to the OS temp...
[SECURITY] Fedora 42 Update: awatcher-0.3.3-2.fc42
A window activity and idle watcher...
[SECURITY] Fedora 43 Update: awatcher-0.3.3-2.fc43
A window activity and idle watcher...
[SECURITY] Fedora 44 Update: awatcher-0.3.3-2.fc44
A window activity and idle watcher...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: aws-privateca-issuer-fips, omnibump, dataplaneapi-fips, nodetaint, karma-fips, flux-source-watcher-fips, sftpgo-plugin-eventsearch, sealed-secrets-fips, commercial-chainloop-cli, karpenter, flux-image-automation-controller, github-mcp-server,...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: cloud-provider-azure-fips, docker-cli-fips, elastic-agent, gitlab-kas, cluster-autoscaler, cloud-provider-aws, kubescape, kube-arangodb, chezmoi, kine, zot, runc, flux-source-watcher-fips, buildkite-agent-fips, gitaly, gatekeeper-fips, argo-cd-fips, coredns-fips,...
GHSA-XJ38-JXC5-RPPX vulnerabilities
Vulnerabilities for packages: cloud-provider-azure-fips, docker-cli-fips, elastic-agent, gitlab-kas, cluster-autoscaler, cloud-provider-aws, kubescape, kube-arangodb, chezmoi, kine, zot, runc, flux-source-watcher-fips, buildkite-agent-fips, gitaly, gatekeeper-fips, argo-cd-fips, coredns-fips,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: aws-privateca-issuer-fips, omnibump, dataplaneapi-fips, nodetaint, karma-fips, flux-source-watcher-fips, sftpgo-plugin-eventsearch, sealed-secrets-fips, commercial-chainloop-cli, karpenter, flux-image-automation-controller, github-mcp-server,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, minio-fips, openbao, ko-fips, flux-source-watcher-fips, cloudbeat, coredns-fips, libnvidia-container-fips, envconsul-fips, kubernetes, keda, gitleaks, gitea-fips, chartmuseum-fips, nats-server, pulumi-language-yaml, tekton-pipelines-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, minio-fips, openbao, ko-fips, flux-source-watcher-fips, cloudbeat, coredns-fips, libnvidia-container-fips, envconsul-fips, kubernetes, keda, gitleaks, gitea-fips, chartmuseum-fips, nats-server, pulumi-language-yaml, tekton-pipelines-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, minio-fips, nats-top, vault-k8s-fips, kubernetes-dashboard-metrics-scraper, flannel-fips, cert-exporter, mods, db-operator, promxy, terraform-provider-databricks-fips, nri-mysql, omnibump, openbao, ko-fips, git-sync-fips,...
CVE-2026-28674
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...
CVE-2026-28674 xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution)
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...