Lucene search
+L

56 matches found

ossf
ossf
added 2026/06/30 2:10 p.m.7 views

Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...

6.2AI score
Exploits0References3
osv
osv
added 2026/06/30 2:10 p.m.6 views

MAL-2026-6675 Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...

6.4AI score
Exploits0References3
osv
osv
added 2026/06/23 4:7 p.m.16 views

MAL-2026-6316 Malicious code in ts-biginteger-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8059a1d2db2edb7231b017023f82f6a651585c0ee7120aaebe882cb6407b9e3 Package is published as 'ts-biginteger-lib' but its metadata, README, and source are a wholesale copy of big.js by MikeMcl author set to 'Michael...

6.4AI score
Exploits0References2
redhat
redhat
added 2026/06/09 11:19 a.m.14 views

node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.4AI score0.00596EPSS
Exploits1References6
redhat
redhat
added 2026/06/09 11:18 a.m.10 views

node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.4AI score0.00596EPSS
Exploits1References6
vulnersosv
vulnersosv
added 2026/04/14 12:36 p.m.15 views

cjs-biginteger (=5.0.5) potentially affected by unknown CVE via ts-lint-builds (=1.0.5)

ts-lint-builds NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on ts-lint-builds and may be impacted: - cjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2883...

5.8AI score
Exploits0
ossf
ossf
added 2026/04/14 12:35 p.m.12 views

Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

5.9AI score
Exploits0References2
osv
osv
added 2026/04/14 12:35 p.m.8 views

MAL-2026-2882 Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

5.9AI score
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/14 12:35 p.m.12 views

bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)

bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: - bjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2881...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2026/04/14 12:35 p.m.10 views

bjs-biginteger (=5.0.6) potentially affected by unknown CVE via bjs-lint-builder (=1.0.5)

bjs-lint-builder NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builder and may be impacted: - bjs-biginteger =5.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2880...

5.8AI score
Exploits0
ossf
ossf
added 2026/04/14 12:34 p.m.7 views

Malicious code in bjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3bc89babfc42de2e7df569ebf26d41dcc13469a19895aa4144c2625ddbd87b The package bjs-biginteger was found to contain malicious...

5.9AI score
Exploits0References2
osv
osv
added 2026/04/14 12:34 p.m.10 views

MAL-2026-2879 Malicious code in bjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3bc89babfc42de2e7df569ebf26d41dcc13469a19895aa4144c2625ddbd87b The package bjs-biginteger was found to contain malicious...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/04/09 2:5 p.m.11 views

Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

5.9AI score
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/09 2:4 p.m.9 views

sjs-biginteger (=5.0.6) potentially affected by unknown CVE via sjs-lint-build1 (=1.0.4)

sjs-lint-build1 NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on sjs-lint-build1 and may be impacted: - sjs-biginteger =5.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2528...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/03/27 10:12 p.m.4 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References5
osv
osv
added 2026/03/27 9:17 p.m.5 views

UBUNTU-CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/03/27 8:43 p.m.4 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/27 8:43 p.m.3 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/27 8:43 p.m.30 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS0.00596EPSS
Exploits1References2
osv
osv
added 2026/03/27 8:43 p.m.4 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References12
Rows per page
Query Builder