44 matches found
a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
Server-side Request Forgery (SSRF)
Overview: a11y-mcp is an MCP server for performing accessibility audits on webpages. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the A11yServer function in index.js. An attacker can cause the server to initiate unintended requests to arbitrary resources b...
CVE-2026-5323
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
CVE-2026-5323 priyankark a11y-mcp index.js A11yServer server-side request forgery
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
MAL-2026-1521 Malicious code in lit-a11y (npm)
The package 'lit-a11y' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2026-1530 Malicious code in styled-components-a11y (npm)
The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in lit-a11y (npm)
The package 'lit-a11y' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2025-191459 Malicious code in @vleo-dev/a11y-js-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf7b4a5742b82956cf1632de9f435f824ac60651023bec86e0f12d9689dc5b2c The package @vleo-dev/a11y-js-service was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199555
Malicious code in @vleo-dev/a11y-js-service npm...
Malicious code in @vleo-dev/a11y-js-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf7b4a5742b82956cf1632de9f435f824ac60651023bec86e0f12d9689dc5b2c The package @vleo-dev/a11y-js-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in jsx-a11y (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69d8158b553a773a363a5a4bbce1477f430fae7a45c29fe8f1855401337f4b0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-49016 Malicious code in jsx-a11y (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69d8158b553a773a363a5a4bbce1477f430fae7a45c29fe8f1855401337f4b0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: jsx-a11y is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2019-0627
Malware in sbrugna...
EUVD-2025-15340
Malicious code in bioql PyPI...
CVE-2019-15482
selectize-plugin-a11y before 1.1.0 has XSS via the msg field...
CVE-2024-11190
The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...