170 matches found
PT-2026-3409
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
EUVD-2025-203045
Malicious code in cos-js-sdk-v6 npm...
Astra Linux - уязвимость в thunderbird
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374
CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
PT-2025-42196
Name of the Vulnerable Software and Affected Versions Parse Javascript SDK versions prior to 7.0.0 Description A flaw exists in Parse Javascript SDK that, before version 7.0.0, allows for remote code execution through the injection of malicious payloads. The following components are impacted:...
EUVD-2021-1944
Malware in sbrugna...
EUVD-2023-1517
Malicious code in bioql PyPI...
EUVD-2022-6842
Malicious code in bioql PyPI...
EUVD-2025-29628
Malicious code in bioql PyPI...
EUVD-2024-3188
Malicious code in bioql PyPI...
EUVD-2024-2111
Malicious code in bioql PyPI...
EUVD-2023-0812
Malicious code in bioql PyPI...
EUVD-2023-3320
Malicious code in bioql PyPI...
EUVD-2022-6713
Malicious code in bioql PyPI...
EUVD-2024-2665
Malicious code in bioql PyPI...