6 matches found

OSV
added 5 hours ago, 11 views

MAL-2026-5577 Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...

6.1 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 5 hours ago, 5 views

Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...

6.1 AI score
Exploits: 0, References: 1
EUVD
added 2026/04/02 3:31 p.m., 3 views

EUVD-2026-18348

A vulnerability was determined in huimeicloud hmeditor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attac...

7.5 CVSS, 5.5 AI score, 0.00057 EPSS
Exploits: 0, References: 5
NVD
added 2026/04/02 3:16 p.m., 2 views

CVE-2026-5346

A vulnerability was determined in huimeicloud hmeditor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attac...

7.5 CVSS, 0.00057 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/04/02 12:0 a.m., 3 views

HmEditor code issue vulnerability

HmEditor is an intelligent medical electronic health record editor developed under open source by huimeicloud. Versions of HmEditor 2.2.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter url in the client.get function of the...

7.5 CVSS, 7.2 AI score, 0.00057 EPSS
Exploits: 0, References: 4
Snyk
added 2025/12/26 2:43 a.m., 3 views

Cross-site Scripting (XSS)

Overview: httpbin is an HTTP Request and Response Service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the endpoint /base64, which does not encode user-controllable parameters when outputting them on the current page. An attacker can inject and execute arbitrary...

5.1 CVSS, 4.5 AI score, 0.00008 EPSS
Exploits: 0, References: 2