Lucene search
+L

740 matches found

ossf
ossf
added 2026/06/23 3:32 p.m.8 views

Malicious code in mjs-eslint-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/23 3:32 p.m.13 views

MAL-2026-6333 Malicious code in mjs-eslint-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
osv
osv
added 2026/06/19 2:24 p.m.22 views

MAL-2026-6226 Malicious code in new-mjs-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ae24b182a00059424b8ea4800927bbbf662f0e6bf20264af611d37203a3f2e Package is published under the unrelated name 'new-mjs-eslint' but ships a verbatim copy of the big.js decimal-arithmetic library original...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/06/19 2:24 p.m.12 views

Malicious code in new-mjs-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ae24b182a00059424b8ea4800927bbbf662f0e6bf20264af611d37203a3f2e Package is published under the unrelated name 'new-mjs-eslint' but ships a verbatim copy of the big.js decimal-arithmetic library original...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/19 3:59 a.m.9 views

MAL-2026-6190 Malicious code in mjs-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...

6.4AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50733

Name of the Vulnerable Software and Affected Versions piscina versions prior to 6.0.0-rc.2 piscina versions prior to 5.2.0 piscina versions prior to 4.9.3 Description Prototype pollution in the constructor and run paths allows an attacker to control the filename option. When the options object...

8.1CVSS5.9AI score0.00296EPSS
Exploits0References7
osv
osv
added 2026/04/29 10:0 a.m.10 views

MAL-2026-3177 Malicious code in @cap-js/postgres (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

5.7AI score
Exploits0References2
cve
cve
added 2026/04/28 3:15 a.m.17 views

CVE-2026-7220

The CVE-2026-7220 entry concerns jackwrichards FastlyMCP (fastly_cli Tool) up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620, affecting fastly-mcp.mjs. The vulnerability arises from manipulation of the command argument, enabling an OS command injection. It can be exploited remotely, and the e...

7.5CVSS5.3AI score0.01338EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/04/28 3:15 a.m.5 views

CVE-2026-7220 jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

7.5CVSS7AI score0.01338EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.15 views

PT-2026-21358

Name of the Vulnerable Software and Affected Versions Swiper versions 6.5.1 through 12.1.1 Description Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. A prototype pollution issue exists in the shared/utils.mjs file, specifically at line 94, wher...

9.4CVSS5.8AI score0.00397EPSS
Exploits2References16
redhatcve
redhatcve
added 2026/01/09 12:38 p.m.9 views

CVE-2023-29570

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsfficbfree at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS7.3AI score0.00287EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 12:38 p.m.10 views

CVE-2023-29569

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via fficbimplwpwwwww at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS7.3AI score0.00276EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 12:36 p.m.10 views

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsdestroy function in the msj.c file...

7.5CVSS6.8AI score0.00857EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 12:36 p.m.13 views

CVE-2023-49550

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component...

7.5CVSS6.8AI score0.00758EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 12:35 p.m.10 views

CVE-2023-49549

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsgetretvalpos function in the msj.c file...

7.5CVSS6.8AI score0.00758EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:44 a.m.10 views

CVE-2010-0340

SQL injection vulnerability in the MJS Event Pro mjseventpro extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01021EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.8 views

CVE-2021-33439

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is Integer overflow in gccompactstrings in mjs.c...

5.5CVSS7.2AI score0.00302EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.8 views

CVE-2021-33448

An issue was discovered in mjsmJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow at 0x7fffe9049390...

5.5CVSS7.4AI score0.00334EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.11 views

CVE-2021-33440

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsbcodecommit in mjs.c...

5.5CVSS6.9AI score0.00302EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.9 views

CVE-2021-33442

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in jsonprintf in mjs.c...

5.5CVSS6.9AI score0.00302EPSS
Exploits1References1
Rows per page
Query Builder