170 matches found
EUVD-2024-1160
Malicious code in bioql PyPI...
EUVD-2022-6714
Malicious code in bioql PyPI...
EUVD-2023-1061
Malicious code in bioql PyPI...
EUVD-2022-6927
Malicious code in bioql PyPI...
CVE-2025-57324
The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary: The lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
CVE-2025-59430
Mesh Connect JS SDK contains a cross-site scripting (XSS) vulnerability in the web-link component. Prior to version 3.3.2, createLink.openLink does not sanitize the URL protocol, allowing an attacker-controlled base64-encoded payload to set an iframe src that executes arbitrary JavaScript in the ...
Linux Distros Unpatched Vulnerability : CVE-2025-59160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor...
@a.agiir/cinny (>=0.0.1 <=0.0.2), @airgap/beacon-sdk (>=0.0.1 <=0.0.3-beta.9) +73 more potentially affected by CVE-2025-59160 via matrix-js-sdk (>=0.0.4 <=37.5.0)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =0.0.1, =0.0.34, =1.3.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =2.0.0-alpha.3, =2.0.0-alpha.1, =1.4.1, =1.1.0, =0.0.1, =0.0.0-development, =0.0.1-development and more Source cves: CVE-2025-59160 Source advisory: OSV:GHSA-MP7C-M3RH-R56V...
GHSA-MP7C-M3RH-R56V matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Impact: matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches: The issue has been patched and users should upgrade to...
CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
UBUNTU-CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
CVE-2025-59160
The CVE-2025-59160 entry concerns the Matrix JavaScript SDK (matrix-js-sdk) prior to version 38.2.0, where MatrixClient::getJoinedRooms performs insufficient validation of room predecessor links. This can allow a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-s...
Malicious code in @huobi-lib/vulcan-js-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19abe7ab9afcd189bbbd5061add8629d1f576b8dae3944cc7974b7581ffbd570 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @identity-authn/authn-js-sdk (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in bayonet-js-sdk (npm)
The package bayonet-js-sdk was found to contain malicious code...
Malicious code in kindle-fast-metrics-javascript-sdk (npm)
The package kindle-fast-metrics-javascript-sdk was found to contain malicious code...
MAL-2025-24521 Malicious code in kindle-fast-metrics-javascript-sdk (npm)
The package kindle-fast-metrics-javascript-sdk was found to contain malicious code...