BoxLite has a Timeout Bypass Vulnerability
Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
GHSA-XJHV-PP2R-6F82 BoxLite has a Timeout Bypass Vulnerability
Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
Malicious Package
Overview: @service-suppliers/fetch-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @service-suppliers/fetch-initial-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
Source: ghsa-malware (e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4436 Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)
Source: amazon-inspector (3829c1a8be4ed51ad5c9d714d223cb037f7d76df868b73e63c69c6c60ff8dbf3). On npm install, scripts/postinstall.js fetches a platform-specific script from https://oob.moika.tech/payload/linux|mac|win, writes it to the OS temp...
[SECURITY] Fedora 42 Update: awatcher-0.3.3-2.fc42
A window activity and idle watcher...
[SECURITY] Fedora 43 Update: awatcher-0.3.3-2.fc43
A window activity and idle watcher...
[SECURITY] Fedora 44 Update: awatcher-0.3.3-2.fc44
A window activity and idle watcher...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: pluto-fips, victoriametrics-cluster-fips, fluxcd-kustomize-mutating-webhook-fips, pluto, smokescreen, go, apko, nfs-subdir-external-provisioner, envoy-ratelimit, aws-privateca-issuer-fips, kubewatch, cilium-fips, flux-image-reflector-controller-fips,...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: keda, azurefile-csi-fips, tigera-operator, azuredisk-csi-fips, aws-load-balancer-controller-fips, nerdctl, go, dask-gateway, terraform, kube-conformance, k3s, elastic-agent, jaeger, argo-workflows-fips, fuse-overlayfs-snapshotter, traefik, k9s-fips, external-dns,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: pluto-fips, victoriametrics-cluster-fips, fluxcd-kustomize-mutating-webhook-fips, pluto, smokescreen, go, apko, nfs-subdir-external-provisioner, envoy-ratelimit, aws-privateca-issuer-fips, kubewatch, cilium-fips, flux-image-reflector-controller-fips,...
GHSA-XJ38-JXC5-RPPX vulnerabilities
Vulnerabilities for packages: keda, azurefile-csi-fips, tigera-operator, azuredisk-csi-fips, aws-load-balancer-controller-fips, nerdctl, go, dask-gateway, terraform, kube-conformance, k3s, elastic-agent, jaeger, argo-workflows-fips, fuse-overlayfs-snapshotter, traefik, k9s-fips, external-dns,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: mailpit-fips, bom, ko-fips, kubevirt-cdi-uploadserver, azurefile-csi-fips, tigera-operator, nerdctl, go, kbld-fips, kube-conformance, fuse-overlayfs-snapshotter, ko, vault-env, beats, nerdctl-fips, traefik-fips, gitaly-fips, cilium-envoy, flux-helm-controller-fips,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: mailpit-fips, bom, ko-fips, kubevirt-cdi-uploadserver, azurefile-csi-fips, tigera-operator, nerdctl, go, kbld-fips, kube-conformance, fuse-overlayfs-snapshotter, ko, vault-env, beats, nerdctl-fips, traefik-fips, gitaly-fips, cilium-envoy, flux-helm-controller-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: mailpit-fips, bom, crossplane-function-go-templating, ko-fips, kubevirt-cdi-uploadserver, azurefile-csi-fips, crossplane-provider-aws-backup-fips, json-exporter, tigera-operator, smokescreen, kubernetes-csi-livenessprobe, aws-ebs-csi-driver, go, kube-oidc-proxy,...
CVE-2026-28674
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...
EUVD-2026-12702
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...