Lucene search
K

17 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.11 views

Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:46 a.m.15 views

Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/26 8:46 a.m.12 views

MAL-2026-4792 Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/23 3:47 a.m.6 views

MAL-2026-4415 Malicious code in @onerjs/smart-filters-blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e772d7a844409df378591a5a587c7cc8045e0ec0e8cb493912f0da8fa594c169 This package is published as @onerjs/smart-filters-blocks but its README, repository URL git+https://github.com/BabylonJS/Babylon.js.git, description...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.5 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS6AI score0.52037EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1491

Malware in sbrugna...

5.4CVSS5.4AI score0.52037EPSS
Exploits0References5
Veracode
Veracode
added 2024/12/12 10:14 a.m.12 views

Cross Site Scripting

rails-html-sanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of namespaced elements in math or svg contexts due to a lack of checks for namespace-specific tags, which can lead to namespace confusion andallows attackers to exploit this by injecting...

6.1CVSS6.5AI score0.00462EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2022/10/13 12:0 p.m.36 views

New Timing Attack Against NPM Registry API Could Expose Private Packages

A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped privat...

0.5AI score
Exploits0
OSV
OSV
added 2021/07/19 9:21 p.m.45 views

GHSA-RR6V-H7M8-WC9F Cross-site Scripting in Froala WYSIWYG Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS5.2AI score0.52037EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/07/19 9:21 p.m.74 views

Cross-site Scripting in Froala WYSIWYG Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS1.8AI score0.52037EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/07/16 1:15 p.m.22 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS0.52037EPSS
Exploits0References3
OSV
OSV
added 2021/07/16 1:15 p.m.18 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2021/07/16 1:15 p.m.13 views

Type confusion

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

3.5CVSS5.2AI score0.52037EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/07/16 12:16 p.m.66 views

CVE-2021-28114

CVE-2021-28114 affects Froala WYSIWYG Editor 3.2.6-1 with an XSS flaw caused by a namespace confusion during parsing. Red Hat, CNVD, OSV, and others report the issue and, in CNVD, an attacker could obtain an administrator cookie. The initial entry provides the vulnerability description and CVSS m...

5.4CVSS5.2AI score0.52037EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/07/16 12:16 p.m.19 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4AI score0.52037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/06/03 12:0 a.m.5 views

PT-2021-17750 · Froala · Froala Wysiwyg Editor

Name of the Vulnerable Software and Affected Versions: Froala WYSIWYG Editor version 3.2.6-1 Description: The issue is related to a namespace confusion during parsing, which leads to a cross-site scripting XSS problem. Recommendations: For Froala WYSIWYG Editor version 3.2.6-1, update to a versio...

5.4CVSS5.2AI score0.52037EPSS
Exploits0References12
0day.today
0day.today
added 2010/12/15 12:0 a.m.20 views

Internet Explorer 8 CSS Parser Exploit

Exploit for windows platform in category remote exploits ====================================== Internet Explorer 8 CSS Parser Exploit ====================================== !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson...

7.1AI score
Exploits0
Rows per page
Query Builder