Lucene search
K

26 matches found

NVD
NVD
added last week11 views

CVE-2026-56812

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

7.5CVSS0.00447EPSS
Exploits1References7
EUVD
EUVD
added last week6 views

EUVD-2026-42050

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References7
OSV
OSV
added last week5 views

CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References13
OSV
OSV
added last week6 views

EEF-CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Summary Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerabilit...

6.3CVSS6AI score0.00447EPSS
Exploits1References8
NVD
NVD
added 2026/04/23 2:16 a.m.4 views

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-8397

Malware in sbrugna...

10CVSS9.5AI score0.02359EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0509

Malicious code in bioql PyPI...

8.1CVSS7.2AI score0.0112EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.7 views

Malicious code in metal-js-client (npm)

The package metal-js-client was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in contentchef-management-js-client (npm)

The package contentchef-management-js-client was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 1:20 a.m.15 views

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

8.1CVSS6.2AI score0.0112EPSS
Exploits0References1
CVE
CVE
added 2024/12/04 3:20 p.m.4211 views

CVE-2024-54134

CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...

8.3CVSS6.5AI score0.00431EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.35 views

SAP HANA 安全漏洞

SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP SAP. The platform provides data query functions to support users to query real-time business data query and analysis. An input validation error vulnerability exists in the SAP HANA Node.js client, which ste...

4.3CVSS6.8AI score0.00589EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/07 11:58 p.m.4 views

Malicious code in advertising-api-javascript-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3299e8d083575625b432f2781c5a613ffd086315798fc9dcf413612f98193b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/05/30 12:0 a.m.30 views

GLSA-202305-36 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-36 Mozilla Thunderbird: Multiple Vulnerabilities - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily...

8.8CVSS7.8AI score0.01185EPSS
Exploits2References38
NVD
NVD
added 2022/11/29 11:15 p.m.13 views

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLEAPIKEY and...

7.6CVSS0.00448EPSS
Exploits0References3
Prion
Prion
added 2022/11/29 11:15 p.m.19 views

Design/Logic Flaw

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLEAPIKEY and...

4.3CVSS6.3AI score0.00448EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/11/29 12:0 a.m.70 views

CVE-2022-46155

Summary: CVE-2022-46155 describes a misconfiguration in Airtable.js prior to 0.11.6 where the build script would bundle AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle when building from source. This affects copies built from source (not npm/yarn-installed packages) if the u...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/11/29 12:0 a.m.45 views

CVE-2022-46155 Airtable.js credentials exposed in browser builds

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLEAPIKEY and...

7.6CVSS7.7AI score0.00448EPSS
Exploits0References3
OSV
OSV
added 2022/11/29 12:0 a.m.30 views

CVE-2022-46155 Airtable.js credentials exposed in browser builds

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLEAPIKEY and...

7.6CVSS6.8AI score0.00448EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.6 views

Airtable.js 安全漏洞

Airtable.js is Airtable open source an Airtable javascript client . Provides a simple way to access the data . A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References4
Rows per page
Query Builder