GHSA-VV9J-GJW2-J8WP yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

MAL-2026-4210 Malicious code in polymarket-auto-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

MAL-2026-4216 Malicious code in polymarket-trader (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

MAL-2026-4211 Malicious code in polymarket-bot (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/init.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system"pip install phonenumbers" and...

EUVD-1999-0159

Malware in sbrugna...

CVE-2023-28446

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

CVE-1999-0159

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt such as a login. This applies to some IOS 9.x, 10.x, and 11.x releases...

Prompt Injection

pandasai is vulnerable to Prompt Injection. The vulnerability is due to insufficient input validation in the interactive prompt function, allowing prompt injection to execute arbitrary Python code...

Arbitrary Code Injection

Overview pandasai is a Pandas AI is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational. Affected versions of this package are vulnerable to Arbitrary Code Injection through the interactive prompt function. An attacker wit...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

PT-2023-2285 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.31.2 Description: The issue is related to the lack of filtering for special control characters in Deno, a runtime for JavaScript and TypeScript. This allows a malicious program to clear the first two lines of a prompt...

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

CVE-2023-22499

CVE-2023-22499 (Deno) describes a race-condition vulnerability where multi-threaded code could spoof the interactive permission prompt by rewriting the prompt, potentially clearing the terminal and displaying a generic message. Affected component: Deno runtime (JavaScript/TypeScript, built with R...

CVE-2023-22499 Interactive permission prompt spoofing in Deno

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

[SECURITY] Fedora 36 Update: golang-github-c-bata-prompt-0.2.6-4.fc36

A library for building powerful interactive prompts inspired by python-prompt-toolkit, making it easier to build cross-platform command line tools using Go...

PowerShell Runspace Portable Post Exploitation Tool: PowerOPS

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier” PowerOPS is an application written in C that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment .NET. It intends to...

CVE-1999-0159

The CVE-1999-0159 entry maps to Cisco IOS 9.x–11.x devices where an attacker who can reach an interactive prompt (e.g., login) can cause a crash, degrading availability. Affected component is Cisco IOS; root cause described as a crash when a prompt is accessible, with no additional exploitation d...