TencentOS Server 3: nodejs:18 (TSSA-2024:0108)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0108 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on...

AZL-70613 CVE-2025-13230 affecting package nodejs 20.14.0-13

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-70559 CVE-2025-13226 affecting package nodejs18 18.20.3-11

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-70610 CVE-2025-13226 affecting package nodejs 20.14.0-13

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-70607 CVE-2025-13227 affecting package nodejs 20.14.0-13

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-70604 CVE-2025-13224 affecting package nodejs 20.14.0-13

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-70553 CVE-2025-13224 affecting package nodejs18 18.20.3-11

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2025-48942

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

EUVD-2025-180383

Malicious code in apollo-nodejs-helmet-loglevel npm...

EUVD-2025-177558

Malicious code in nodejs-cosmicweb-chakra-ui-vortex npm...

EUVD-2025-178130

Malicious code in less-geckodriver-mongodb-nodejs npm...

EUVD-2025-179166

Malicious code in element-ui-nodejs-bellatrix-hapi npm...

EUVD-2025-177556

Malicious code in nodejs-hyperion-quito-start npm...

EUVD-2025-179234

Malicious code in duplex-parcel-nodejs-membrane npm...

EUVD-2025-180087

Malicious code in betelgeuse-nodejs-hugo-flare npm...

EUVD-2025-180518

Malicious code in acamar-child-process-oauth-nodejs npm...

EUVD-2025-178405

Malicious code in init-optimize-css-assets-webpack-plugin-nodejs-grus npm...

EUVD-2025-177552

Malicious code in nodejs-sublimation-blueshift-ganymede npm...

Malicious code in despina-photon-nodejs-on (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3152b5d159e60035f53ed829f5362c99844bd6585f8e614ae1b496a79ee78f46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...