33 matches found
MAL-2025-15592 Malicious code in bem-page-object (npm)
The package bem-page-object was found to contain malicious code...
Malicious code in iron-bem (npm)
The package iron-bem was found to contain malicious code...
Malicious code in bem-page-object (npm)
The package bem-page-object was found to contain malicious code...
MAL-2025-23389 Malicious code in iron-bem (npm)
The package iron-bem was found to contain malicious code...
anima-pull2load (>=1.0.1 <=1.0.3), bem-register (>=1.0.0 <=1.0.5) +11 more potentially affected by CVE-2024-51091 via seajs (>=1.2.1 <=2.2.1)
seajs NPM version =1.2.1, =1.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.1, =0.0.1, =1.0.7, =0.9.11, =1.1.0, =1.1.3 Source cves: CVE-2024-51091 Source advisory: OSV:GHSA-PFR4-4397-3HG8...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of the bem Twig function. Note: This is only exploitable when the function is used outside of Drupal. If the Drupal Attribute class exists, the function uses it and it does escape...
MAL-2024-1820 Malicious code in bem-mvc-direct (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in bem-mvc-direct (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview toolbox-bem-bundle is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview bem-mvc-direct is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious code in toolbox-bem-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7d90e4edafca946a3c4746d96347b41770e4cf2fd362e3dcaa984b69e3fc64f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-895 Malicious code in toolbox-bem-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7d90e4edafca946a3c4746d96347b41770e4cf2fd362e3dcaa984b69e3fc64f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
bem-lyon.fr Cross Site Scripting vulnerability OBB-2841908
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2022-1906 Malicious code in cisco-bem-network-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36d6613f246fd08612e8b2fd3292d25600598f0b2ad7748c88b8014e41e632c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cisco-bem-network-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36d6613f246fd08612e8b2fd3292d25600598f0b2ad7748c88b8014e41e632c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bem-xjst-static-analyzer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5c3910628bae004c82b2e78a7ee1be3d4fd038c3335d0f7ac0d3285ee25f45a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bem-mvc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 886727b00d8e66e121f2350c44e83e198483450ff7c986720bb268dc9907ffeb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6339 Malicious code in stylelint-bem-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8b27f9be233ba1e0a20cd29efbd9d6a2b5982651dee648523dd66d48ee7ea09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in stylelint-bem-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8b27f9be233ba1e0a20cd29efbd9d6a2b5982651dee648523dd66d48ee7ea09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +4 more potentially affected by CVE-2021-23372 via mongo-express (>=0.19.0 <=0.53.0)
mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =1.5.0, =1.6.1 Source cves: CVE-2021-23372 Source advisory: OSV:GHSA-M2R3-8492-VX59...