Lucene search
K

676 matches found

EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:10 p.m.36 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 p.m.6 views

MAL-2026-6153 Malicious code in datapersistence-profiling (npm)

The npm package datapersistence-profiling published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.7 views

MAL-2026-6170 Malicious code in onesignal-hooks (npm)

The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.7 views

MAL-2026-6181 Malicious code in virtualization-compression-collapse (npm)

The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 p.m.6 views

MAL-2026-6151 Malicious code in buildautomation-touch (npm)

The npm package buildautomation-touch published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/05 5:31 p.m.7 views

@knocklabs/client (>=0.21.6 <=0.21.13), @knocklabs/expo (>=0.5.0 <=0.6.7) +8 more potentially affected by CVE-2026-32689 via phoenix (>=1.8.0 <=1.8.5)

phoenix NPM version =1.8.0, =0.21.6, =0.5.0, =0.1.0, =0.1.1, =0.1.1, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =2.1.8, =2.5.1 Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...

8.7CVSS5.7AI score0.00469EPSS
Exploits0
Snyk
Snyk
added 2026/05/05 3:33 p.m.16 views

Malicious Package

Overview react-native-parallax-scroll-view-updated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 1:43 a.m.12 views

Malicious code in pos-next-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 1:43 a.m.9 views

MAL-2026-3281 Malicious code in pos-next-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.13 views

Malicious code in react-native-parallax-scroll-view-updated (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.7 views

MAL-2026-3262 Malicious code in react-native-parallax-scroll-view-updated (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/24 3:57 p.m.8 views

MAL-2026-2386 Malicious code in react-native-forter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff4ae821a2636c10a3e19afaaf78823613bcedf143d91c79cbdec29f20b00654 The package react-native-forter was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:57 p.m.16 views

Malicious code in react-native-forter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff4ae821a2636c10a3e19afaaf78823613bcedf143d91c79cbdec29f20b00654 The package react-native-forter was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/19 4:45 p.m.7 views

MAL-2026-1931 Malicious code in react-native-country-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/19 4:45 p.m.12 views

Malicious code in react-native-country-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/19 4:44 p.m.23 views

Malicious code in react-native-international-phone-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/19 4:44 p.m.6 views

MAL-2026-1932 Malicious code in react-native-international-phone-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/03/15 11:0 p.m.5 views

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/03/15 11:0 p.m.6 views

Embedded Malicious Code

Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder