Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

PT-2026-41672

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

📄 Termius 9.9.0 Remote Code Execution

This Metasploit module demonstrates a remote code execution vulnerability in the Termius Electron application caused by an exposed symbol in the global JavaScript Symbol Registry. By accessing a shared Symbol.for key that unintentionally references preloaded Node.js modules, attacker-controlled...

PT-2023-20508 · Unknown · Keep-Module-Latest

Name of the Vulnerable Software and Affected Versions: keep-module-latest versions all Description: The issue arises due to missing input sanitization or other checks and sandboxes being employed to the installModule function, leading to Command Injection. To potentially exploit this, an attacker...