Astra Linux – Vulnerability in Firefox

The Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user’s browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability...

Selenium Grid/Selenoid Unauthenticated RCE

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication the default for both, an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)

brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...

@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)

brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...

Astra Linux - уязвимость в zabbix

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

EUVD-2025-176435

Malicious code in semantic-release-webdriver-mocha-holography-init npm...

EUVD-2025-179477

Malicious code in cryptography-webdriver-manager-schema-test npm...

EUVD-2025-176114

Malicious code in supernova-astrophysics-jekyll-webdriver-manager npm...

EUVD-2025-175614

Malicious code in webdriver-manager-neptune-vulcan-scorpius npm...

EUVD-2025-176105

Malicious code in supernova-webdriver-mocha-centauri-vega npm...

Malicious code in spectron-webdriver-nodemon-sedimentology-on (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60e790ec19781e6bae0e122b31564bb4f314ef39cee5af5b11865dd3d38e722a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176023

Malicious code in telesto-dotenv-safe-webdriver-mocha-jwt npm...

MAL-2025-189266 Malicious code in rollup-neptune-webdriver-manager-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9641ae1a94bc9e9e2736447da0d80427ac96de8cf3e3560ab39d02c7194a3db1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175608

Malicious code in webdriver-mocha-apollo-server-shelljs npm...

EUVD-2025-175615

Malicious code in webdriver-manager-ethology-kastra-biotechnology npm...

EUVD-2025-176151

Malicious code in subscription-nightmare-nightmare-webdriver-manager npm...

EUVD-2025-176261

Malicious code in spectron-webdriver-async-primatology-canopus npm...

Malicious code in wavefunction-prompts-webdriver-mocha-vuetify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9133d1deb74b2792ed8706555c49fa13ce1ca719f838438eaefd5622916c5386 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176294

Malicious code in socketio-webdriver-mocha-kinetic-quantum npm...

EUVD-2025-176196

Malicious code in stratosphere-spectron-webdriver-deimos-dynamo npm...