18 matches found
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
CVE-2026-6621
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js
NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js vulnerability discovered by ? in WordPress Npm node-ts-ocr versions 1.0.15...
GHSA-8JH2-3MW6-6PFM node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...
CVE-2025-63705
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...
CVE-2026-6621
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
CVE-2026-3959
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...
CVE-2026-3959 0xKoda WireMCP Tshark CLI index.js server.tool os command injection
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...
CVE-2025-61140
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
CVE-2025-61140
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
EUVD-2021-0486
Malware in sbrugna...
EUVD-2020-0543
Malware in sbrugna...
CVE-2024-36578
akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js...
OESA-2022-1665 nodejs-minimist security update
This module is the guts of optimist's argument parser without all the fanciful decoration. Security Fixes: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906...
GHSA-4RV9-5VC4-88CG Command injection in node-ps
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js...
Neekey node-ps injection vulnerability
Neekey node-ps is a lookup tool from the US-based individual developer Neekey. It is provided to find running processes. An injection vulnerability exists in Neekey node-ps, which stems from a lack of proper validation of user input data in lib/index.js, which is not filtered or does not correctl...