Lucene search
K

4 matches found

OSV
OSV
added 2026/06/11 5:5 a.m.9 views

MAL-2026-5582 Malicious code in wp-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec2e092036cea9a9b2563e18b3d588ab046800c2160fb820081423b909066759 Package squats the wp-env CLI name commonly invoked as npx wp-env by users intending @wordpress/env. The package ships only bin/run.js declared main:...

5.6AI score
Exploits0References1
NVD
NVD
added 2025/10/16 4:15 p.m.4 views

CVE-2025-62490

In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during jsprintvalue, during which the array could get resized and len1 become ou...

8.8CVSS0.00371EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.7 views

CVE-2025-62490

In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during jsprintvalue, during which the array could get resized and len1 become ou...

8.8CVSS7.1AI score0.00371EPSS
Exploits1References2
OSV
OSV
added 2025/08/22 5:2 p.m.6 views

CVE-2025-57800 Audiobookshelf vulnerable to OIDC token exfiltration and account takeover

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...

8.8CVSS6.8AI score0.00429EPSS
Exploits1References4
Rows per page
Query Builder