6 matches found
MAL-2026-5453 Malicious code in tivo-codelib-a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c187e845e4c0d637709021a287c758e0206cb7adc46517391df4724d8af8cb7 [email protected] is an empty-stub npm package whose index.js exports module.exports = and whose package metadata description, author is blank. I...
Malicious code in corporate-front-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26a235f294aacb3800465f89db0f33ecb54f09da450ee98543f8b039249fc12 [email protected] is a near-empty shim index.js exports an empty object whose only meaningful content is a tarball-URL dependency declared i...
Malicious code in mazemap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...
MAL-2026-5446 Malicious code in housecall-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67e32f5c0c623ab57ac1de78fb5e118394d96f79b760af74d4127f775a0a97fe [email protected] is a hollow npm package empty description, empty author, index.js exports an empty object whose sole runtime dependency is declar...
Malicious code in @vtmn-play/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e407217116bd1ae3eb89ce8631eae8299f5acd924409d33f141ebddc4489145 Package name @vtmn-play/react mimics Decathlon's Vitamin design system @vtmn/react and is published at version 99.9.1, the canonical...
CVE-2016-10591
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince1 CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled...