707 matches found
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
Malicious code in type-plint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...
Malicious code in vite-pwa-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bab1e251883a8eceecc27c935ed05352375d438c1efbbd8727f2b13a766409d0 Package vite-pwa-config impersonates the popular vite-plugin-pwa antfu — the README instructs users to import configJson from vite-plugin-pwa, and...
Malicious code in type-slint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b5573d4007a97d The npm package [email protected] masquerades as the pino logger copied module layout, exports as module.exports.pino, keywords fast/logger/stream/jso...
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...
Malicious code in express-initial (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...
Malicious code in @nullzero/urlcat (npm)
@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...
Malicious code in @chunklab/hexparse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56ad779454aa221e4a3d5a13725428059b40edd7cd8a4329ef382348bc493013 Package advertises itself as a small hex/base64/endianness codec library, but every exported encode/decode function encodeHex, decodeHex,...
MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...
Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
MAL-2026-5936 Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
Malicious code in chai-as-polished (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ea0d46e0bb4382e8d684d025cb72b7f99e37874c571e9946ae1268b70be6cf Package name is a one-edit typosquat of the widely-used chai-as-promised, but the shipped code is unrelated to chai. The exported middleware spawns a...
MAL-2026-5902 Malicious code in chai-as-tokenized (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...
Malicious code in solana-mev-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname,...
PT-2026-50146
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...
Malicious code in neural-network-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...
Malicious code in npm-sandbox-research-e9f0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...
MAL-2026-5762 Malicious code in npm-sandbox-research-e9f0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...
Malicious code in npm-sandbox-research-9c4e (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24c86d7d2179375f642423fc8c38f58f5740b543bacab149ba8d4cbdcd7dc4cf On install, package.json runs node run.js via a postinstall lifecycle hook. The package ships beacon scripts beacon9.js, beaconlinux.js that import...
Malicious code in sys-info-cli-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...