Lucene search
+L

400 matches found

vulnrichment
vulnrichment
added 2026/04/20 8:30 a.m.3 views

CVE-2026-6621 1024bit extend-deep index.js prototype pollution

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS5.4AI score0.00336EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.10 views

extend-deep 安全漏洞

extend-deep is a JavaScript library developed by Hangga, designed for deeply recursive object merging. Versions of extend-deep 0.1.6 and earlier contained a security vulnerability, which stemmed from improper handling of the proto parameter in the index.js file. This vulnerability could lead to...

7.5CVSS7.1AI score0.00336EPSS
Exploits0References1
ossf
ossf
added 2026/03/24 9:8 a.m.3 views

Malicious code in tombac-chronos (npm)

Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e040ef4bdedbed143a5a8d1a1bb0389fa07848772a87c03da1c67557ced13e The package...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/03/24 9:6 a.m.8 views

Malicious code in oc-aa-module-client (npm)

Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...

6AI score
Exploits0References1
osv
osv
added 2026/03/24 9:6 a.m.4 views

MAL-2026-2415 Malicious code in oc-aa-module-client (npm)

Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/02/24 6:40 p.m.13 views

Malicious code in rtxbbtyols (npm)

Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...

5.7AI score
Exploits0References3
osv
osv
added 2026/02/24 6:40 p.m.3 views

MAL-2026-1027 Malicious code in rtxbbtyols (npm)

Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...

5.7AI score
Exploits0References3
susecve
susecve
added 2026/01/30 12:31 a.m.7 views

SUSE CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

8.1CVSS5.9AI score0.00399EPSS
Exploits1References9
osv
osv
added 2026/01/28 6:30 p.m.4 views

GHSA-6C59-MWGH-R2X6 JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

8.7CVSS5.3AI score0.00399EPSS
Exploits1References7
github
github
added 2026/01/28 6:30 p.m.18 views

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

9.8CVSS5.3AI score0.00399EPSS
Exploits1References8Affected Software1
euvd
euvd
added 2026/01/28 12:0 a.m.5 views

EUVD-2025-206486

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

9.8CVSS5.9AI score0.00399EPSS
Exploits1References2
cve
cve
added 2026/01/28 12:0 a.m.36 views

CVE-2025-61140

The CVE-2025-61140 entry concerns jsonpath version 1.1.1, where the value function in lib/index.js is vulnerable to Prototype Pollution. This is documented across multiple sources (GitHub advisory, OSV/NVD entries, and Red Hat advisories) and is categorized with a critical CVSS score. The vulnera...

9.8CVSS5.9AI score0.00399EPSS
Exploits1References11Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-0600

Malware in sbrugna...

9.8CVSS9.4AI score0.02472EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-20886

Malware in sbrugna...

9.8CVSS9.4AI score0.01233EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0155

Malware in sbrugna...

7.5CVSS7.6AI score0.0258EPSS
Exploits1References11
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-6530

Malware in sbrugna...

9.8CVSS9.5AI score0.01371EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-0628

Malware in sbrugna...

8.1CVSS8.7AI score0.03009EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-8829

Malware in sbrugna...

6.1CVSS6.3AI score0.00744EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-1397

Malware in sbrugna...

6.1CVSS6.2AI score0.0115EPSS
Exploits1References5
nessus
nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: nodejs-brace-expansion (UTSA-2025-984691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984691 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function...

3.1CVSS4.1AI score0.00459EPSS
Exploits0References4
Rows per page
Query Builder