Lucene search

24 matches found

Source: OSV, added 2026/05/07 3:38 p.m., 7 views

GHSA-2XX6-QF7X-GRQH next-npm-version is vulnerable to Command injection

NPM package next-npm-version1.0.1 is vulnerable to Command injection...

CVSS 9.8, AI score 5.8, EPSS 0.01523
Exploits 0, References 5
Source: vulnersOsv, added 2026/04/17 10:15 p.m., 9 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-42433 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-42433 Source advisory: OSV:GHSA-7JP6-R74R-995Q...

CVSS 7.1, AI score 5.4, EPSS 0.00295
Exploits 0
Source: EUVD, added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-1573

Malware in sbrugna...

CVSS 8.6, AI score 7.8, EPSS 0.01263
Exploits 0, References 12
Source: EUVD, added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1849

Malware in sbrugna...

CVSS 8.6, AI score 7.1, EPSS 0.0185
Exploits 0, References 28
Source: OSV, added 2025/06/19 3:22 p.m., 5 views

MAL-2025-5261 Malicious code in drivers-kit (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ba30922790421a31176c5d094f9244d7e2c5aefa5a38c9506763c5adb863f66 Any computer that has this package installed or running should be considered...

AI score 7
Exploits 0, References 3
Source: RedhatCVE, added 2025/05/23 4:41 a.m., 9 views

CVE-2023-39655

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions = 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...

CVSS 9.6, AI score 7.2, EPSS 0.00521
Exploits 0
Source: RedhatCVE, added 2025/05/22 5:11 p.m., 3 views

CVE-2020-8147

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...

CVSS 9.8, AI score 7.8, EPSS 0.03149
Exploits 1, References 1
Source: OSV, added 2025/05/12 6:40 a.m., 10 views

MAL-2025-3748 Malicious code in @myop/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cedbfe96e39f9d1720d4568325348b54f9806c883baab188675958573a2f34b Withdrawn Advisory This advisory has been withdrawn because @myop/cli is not malware. This link is maintained to preserve external references. Original...

AI score 7
Exploits 0, References 2
Source: OSV, added 2025/05/11 8:53 a.m., 4 views

MAL-2025-3739 Malicious code in gear-idea-indexer-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e4383fa116dab4a076fef8694ef177acb72f5e46038222fdc48e6339dc84a6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits 0, References 1
Source: OSV, added 2025/03/28 8:55 a.m., 4 views

MAL-2025-2783 Malicious code in riskchallengeserv-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7da27f27f9efcf0b2d496e909e97771157cccea447420e5fb908ed4e912fcce6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 3
Source: OSV, added 2025/03/25 7:16 a.m., 4 views

MAL-2025-2706 Malicious code in sf-intl-sn-prod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb4cc33212e001bc0af0440f49eb0c52cdc0ad223eba555c5cb2afaa9931e5c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 3
Source: OSV, added 2025/03/14 1:23 a.m., 4 views

MAL-2025-2410 Malicious code in request-draft-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e20e7c9b27e44bc6a2f406fc1638d5949e6a8ff79801714031432723b004872d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 3
Source: OSV, added 2025/02/22 5:07 p.m., 8 views

MAL-2025-1517 Malicious code in quickwit-ui (npm)

This package runs commands on import that exfiltrate sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac59f539efc4d8596e823182d97cdc7a461e965894dec0aabb807585cd5c92ea Any computer that has this package installed or running...

AI score 7.1
Exploits 0, References 1
Source: RedhatCVE, added 2025/02/12 12:32 a.m., 7 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

CVSS 7.3, AI score 7.2, EPSS 0.00293
Exploits 0, References 1
Source: Cvelist, added 2025/02/10 12:00 a.m., 9 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

EPSS 0.00293
Exploits 0, References 2
Source: Vulnrichment, added 2024/01/13 12:00 a.m., 6 views

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

AI score 7.5, EPSS 0.00732
Exploits 0, References 3
Source: Github Security Blog, added 2022/04/06 12:01 a.m., 29 views

Incorrect protocol extraction via \r, \n and \t characters

\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using the npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent malicious javascript: links from being passed into HTML or JavaScript; see the following example:...

CVSS 7.2, AI score 1.5, EPSS 0.00663
Exploits 1, References 4, Affected Software 1
Source: Github Security Blog, added 2021/04/12 7:01 p.m., 60 views

Command Injection in macfromip

All versions of npm package macfromip are affected by a command injection vulnerability. The injection point is located in line 66 in macfromip.js...

CVSS 9.8, AI score 9.3, EPSS 0.02046
Exploits 1, References 4, Affected Software 1
Source: Debian CVE, added 2021/01/13 12:00 a.m., 26 views

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5, AI score 5.2, EPSS 0.03532
Exploits 0
Source: Prion, added 2020/11/23 9:15 p.m., 25 views

Code injection

An insufficient RegEx in the private-ip npm package v1.0.5 and below inadequately filters reserved IP ranges, resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

CVSS 7.5, AI score 9.7, EPSS 0.02949
Exploits 0, References 2, Affected Software 1