15 matches found
Malicious code in libjs-cqs (npm)
Source: amazon-inspector aed1ca0473a0b4d14330082b90a8fa15e7f1dfc671361ad4ef8c2dac38b130b0 The package libjs-cqs was found to contain malicious code...
MAL-2026-1770 Malicious code in libjs-cqs (npm)
Source: amazon-inspector aed1ca0473a0b4d14330082b90a8fa15e7f1dfc671361ad4ef8c2dac38b130b0 The package libjs-cqs was found to contain malicious code...
EUVD-2025-14653
Malicious code in bioql PyPI...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
CVE-2025-47154
CVE-2025-47154 affects the LibJS component of the Ladybird browser, specifically versions prior to f5a6704. The root cause is improper freeing of the vector referenced by arguments_list, causing a use-after-free. This can allow remote attackers to execute arbitrary code by feeding a crafted .js f...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
Ubuntu 16.04 ESM : semver vulnerability (USN-4776-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4776-1 advisory. It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Tenable has...
Integer overflow
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the publ...
CVE-2021-4327 SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the publ...
CVE-2021-4327
CVE-2021-4327 (SerenityOS) affects SerenityOS, specifically the function initialize_typed_array_from_array_buffer in Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The vulnerability is an integer overflow, with the patch identified as f6c6047e49f1517778f5565681fb64750b14bf60. The exploit has be...
Debian DSA-4883-1 : underscore - security update
It was discovered that missing input sanitising in the template function of the Underscore JavaScript library could result in the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DLA-2613-1 : underscore security update
node-underscore and libjs-underscore are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. For Debian 9 stretch, this problem has been fixed in version 1.8.3dfsg-1+deb9u1. We recommend that you...
[SECURITY] [DSA 2901-3] wordpress regression update
Debian Security Advisory DSA-2901-3 http://www.debian.org/security/ Salvatore Bonaccorso April 21, 2014 http://www.debian.org/security/faq ...