MAL-2026-3177 Malicious code in @cap-js/postgres (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

CVE-2026-7220

The CVE-2026-7220 entry concerns jackwrichards FastlyMCP (fastly_cli Tool) up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620, affecting fastly-mcp.mjs. The vulnerability arises from manipulation of the command argument, enabling an OS command injection. It can be exploited remotely, and the e...

CVE-2026-7220 jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

PT-2026-21358

Name of the Vulnerable Software and Affected Versions Swiper versions 6.5.1 through 12.1.1 Description Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. A prototype pollution issue exists in the shared/utils.mjs file, specifically at line 94, wher...

CVE-2023-29570

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsfficbfree at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2023-29569

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via fficbimplwpwwwww at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsdestroy function in the msj.c file...

CVE-2023-49550

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component...

CVE-2023-49549

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsgetretvalpos function in the msj.c file...

CVE-2010-0340

SQL injection vulnerability in the MJS Event Pro mjseventpro extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2021-33439

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is Integer overflow in gccompactstrings in mjs.c...

CVE-2021-33448

An issue was discovered in mjsmJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow at 0x7fffe9049390...

CVE-2021-33440

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsbcodecommit in mjs.c...

CVE-2021-33442

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in jsonprintf in mjs.c...

CVE-2021-33437

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There are memory leaks in frozencb in mjs.c...

CVE-2021-33446

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsnext in mjs.c...

CVE-2021-33443

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow in mjsexecute in mjs.c...

CVE-2021-33447

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsprint in mjs.c...

CVE-2021-33438

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow in jsonparsearray in mjs.c...

CVE-2021-33449

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsbcodepartgetbyoffset in mjs.c...