Lucene search
K

25 matches found

EUVD
EUVD
added 2026/06/11 5:53 p.m.9 views

EUVD-2026-36273

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

8.5CVSS6.7AI score0.00487EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 5:53 p.m.18 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox-escape RCE in the issue-auto-respond.yml workflow. The root cause is explicit passing of the global require into a Node.js vm.runInNewContext() sandbox, allowing an attacker to modify messages.cjs to import arbitrary Node.js modules and achieve remote cod...

8.5CVSS6.7AI score0.00487EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/14 12:36 p.m.15 views

cjs-biginteger (=5.0.5) potentially affected by unknown CVE via ts-lint-builds (=1.0.5)

ts-lint-builds NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on ts-lint-builds and may be impacted: - cjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2883...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/14 12:35 p.m.8 views

MAL-2026-2882 Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

5.7AI score
Exploits0References1
OSV
OSV
added 2025/09/26 9:37 a.m.3 views

MAL-2025-47696 Malicious code in node-ts-cjs-web (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/12 5:35 p.m.3 views

Malicious code in node-ts-cjs-auto (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/07/12 5:35 p.m.2 views

MAL-2025-6107 Malicious code in node-ts-cjs-auto (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 p.m.5 views

CVE-2021-29446

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS6.8AI score0.01238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/05 12:57 a.m.5 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.6AI score0.00238EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/03 6:31 p.m.13 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.9AI score0.00238EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/03 6:15 p.m.4 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.8AI score
Exploits0References1
CVE
CVE
added 2025/03/03 12:0 a.m.49 views

CVE-2024-53384

CVE-2024-53384 affects tsup v8.3.4 with a DOM Clobbering vulnerability that lets an attacker execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components. The CVSS 3.1 vector shows a MEDIUM base score (5.1) with LOCAL attack vector, LOW a...

5.1CVSS7.7AI score0.00238EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2024/09/23 4:46 p.m.21 views

CVE-2024-47068

A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta such as import.meta.url in the cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XS...

6.4CVSS5.4AI score0.007EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/09/23 3:26 p.m.47 views

CVE-2024-47068 DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...

6.1CVSS0.007EPSS
Exploits1References5
NVD
NVD
added 2024/09/17 8:15 p.m.54 views

CVE-2024-45812

Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptle...

6.4CVSS0.00636EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.8 views

PT-2024-31793 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...

10CVSS6.5AI score0.01956EPSS
Exploits10References56
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:56 p.m.4 views

Malicious code in query-string-cjs (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/08/09 2:43 p.m.5 views

ses-cjs (>=1.0.0 <=1.0.1) potentially affected by CVE-2023-39532 via ses (=0.13.1)

ses NPM version =0.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on ses and may be impacted: - ses-cjs =1.0.0, =1.0.1 Source cves: CVE-2023-39532 Source advisory: OSV:GHSA-9C4H-3F7H-322R...

9.8CVSS7.2AI score0.01234EPSS
Exploits1
OSV
OSV
added 2023/07/12 12:41 a.m.8 views

MAL-2023-168 Malicious code in chalk-animate-cjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 516c8dd53eb3c24c892eed50063a6f315dc748a4d2f006d392d7ec6785802d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/07/12 12:41 a.m.6 views

Malicious code in chalk-animate-cjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 516c8dd53eb3c24c892eed50063a6f315dc748a4d2f006d392d7ec6785802d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder