@01.software/sdk (>=0.0.1-251022.145258 <=0.2.3), @adenta/cms (>=0.0.6 <=1.1.1-0) +75 more potentially affected by CVE-2026-34748 via @payloadcms/ui (>=3.0.0-alpha.0 <=3.78.0-internal.5219978)

@payloadcms/ui NPM version =3.0.0-alpha.0, =0.0.1-251022.145258, =0.0.6, =3.70.0, =0.0.3, =3.39.2, =1.0.1-beta.3, =0.1.2, =0.0.1, =1.0.0, =0.1.0, =0.1.2, =1.0.0, =1.1.29 and more Source cves: CVE-2026-34748 Source advisory: SNYK:JS-PAYLOADCMSUI-15873862...

MAL-2026-483 Malicious code in public-site-cms-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ab3fee105c88cb2417b79efd376d25e9f23afaaef354d5f154635820c702079 The package public-site-cms-ui was found to contain malicious code...

Malicious code in cms-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e5d43978f9860bd618fa68a993d8fa1b0b3f1ba27d64c713c37ae2234e0093d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cms-ui-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 636cafa99151c70813b92018c04a866bf889ce49006e1f029efa7f5facd17639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-196 Malicious code in cms-ui-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 636cafa99151c70813b92018c04a866bf889ce49006e1f029efa7f5facd17639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cms-ui-presentationlogic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1ed28c883575b30f00714232f671ed736feb78c5dcc8ab6326d2d6eacc20466 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-195 Malicious code in cms-ui-redux (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b762909fe644f0cec406dc5042d82e4b93fda0f4259313f2884b3cf4ed92cce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-194 Malicious code in cms-ui-presentationlogic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1ed28c883575b30f00714232f671ed736feb78c5dcc8ab6326d2d6eacc20466 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview cms-ui-presentationlogic is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious Package

Overview cms-ui-redux is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview cms-ui-views is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview cms-ui-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Cross-Site Scripting (XSS)

Apache Sling - CMS UI is vulnerable to cross-site scripting. The vulnerability exists due to improper neutralization, allowing an attacker to inject and execute malicious HTML and script code through the taxonomy management feature...