3 matches found
Malicious code in tailwindcss-effector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...
MAL-2026-3774 Malicious code in ts-build-optimize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...
PT-2026-37290
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An unauthenticated attacker can execute arbitrary JavaScript in the browser session of any logged-in user. The issue stems from an incomplete server-side mitigation for an eval sink. While the...