Lucene search
K

45 matches found

vulnersOsv
vulnersOsv
added 2026/05/07 4:7 a.m.7 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44005 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

10CVSS6AI score0.00842EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 4:0 a.m.7 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-43997 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

10CVSS6AI score0.00976EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 3:54 a.m.12 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44006 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

10CVSS6AI score0.00815EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/04 6:27 p.m.14 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-24781 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

9.8CVSS6AI score0.01186EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/04 6:27 p.m.8 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-26332 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

10CVSS6AI score0.0071EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/04 6:27 p.m.5 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-26956 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

9.8CVSS6AI score0.00921EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/04 4:29 p.m.8 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-24118 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

9.8CVSS6AI score0.00917EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/26 6:57 p.m.8 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-22709 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

10CVSS7.4AI score0.01222EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2025

Malware in sbrugna...

9.8CVSS9.4AI score0.02863EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 6:16 p.m.24 views

Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in Node.js pac-resolver module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-23406 DESCRIPTION: Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS1.9AI score0.02863EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/20 10:28 a.m.20 views

Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406

Summary IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406 Vulnerability Details CVEID: CVE-2021-23406 DESCRIPTION: Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused b...

9.8CVSS1.7AI score0.02863EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2021/09/20 6:55 p.m.59 views

Code Injection

Overview In pac-resolver before 5.0.0 code-injection can occur when used with untrusted input, due to unsafe PAC file handling. Recommendation Upgrade to version 5.0.0 or later References - CVE - GitHub Advisory - Article...

7.5CVSS3.3AI score0.02863EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:12 p.m.24 views

Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23406 DESCRIPTION: Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe PAC file handling. ...

9.8CVSS2.4AI score0.02863EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 2021/09/13 1:48 p.m.40 views

Critical Bug Reported in NPM Package With Millions of Downloads Weekly

A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw, tracked ...

9.8CVSS9.2AI score0.02863EPSS
Exploits1
OSV
OSV
added 2021/09/02 5:10 p.m.23 views

GHSA-9J49-MFVP-VMHM Code Injection in pac-resolver

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

8.1CVSS9.3AI score0.02863EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2021/09/02 5:10 p.m.3 views

7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +3383 more potentially affected by CVE-2021-23406 via pac-resolver (>=1.2.6 <=4.2.0)

pac-resolver NPM version =1.2.6, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =0.0.1, =1.6.1, =0.0.1, =1.4.1, =0.2.2, =0.2.2, =0.0.1, =0.1.2 - @adaptcharm/email =1.1.1 and more Source cves: CVE-2021-23406 Source advisory: OSV:GHSA-9J49-MFVP-VMHM...

9.8CVSS7.5AI score0.02863EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/09/02 5:10 p.m.49 views

Code Injection in pac-resolver

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

9.8CVSS2.4AI score0.02863EPSS
Exploits1References7Affected Software2
RedhatCVE
RedhatCVE
added 2021/08/26 5:0 p.m.41 views

CVE-2021-23406

A flaw was found in nodejs-pac-resolver. A remote code execution can occur with untrusted input, due to unsafe PAC file handling. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS3.1AI score0.02863EPSS
Exploits1References6
NVD
NVD
added 2021/08/24 8:15 a.m.13 views

CVE-2021-23406

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

9.8CVSS0.02863EPSS
Exploits1References5
Prion
Prion
added 2021/08/24 8:15 a.m.16 views

Input validation

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

7.5CVSS9.4AI score0.02863EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder