Lucene search
+L

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:43 p.m.14 views

Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/03/17 4:17 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of an upper bound on the disk cache used by the image optimization. An attacker can exhaust disk storage by generating a large number of...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 3:29 p.m.17 views

Missing Origin Validation in WebSockets

Overview next is a react framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from...

5.4CVSS5.8AI score0.00171EPSS
Exploits1References2
NVD
NVD
added 2024/11/04 6:15 p.m.27 views

CVE-2024-48336

The install function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a craft...

8.4CVSS0.00519EPSS
Exploits1References2
Rows per page
Query Builder