Lucene search
K

5 matches found

OSV
OSV
added 2026/06/17 12:0 p.m.9 views

MAL-2026-6160 Malicious code in firebase-readability (npm)

The npm package firebase-readability published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
CVE
CVE
added 2026/05/14 6:11 p.m.20 views

CVE-2026-44586

SiYuan (desktop) Bazaar marketplace before 3.7.0 renders package author metadata into HTML without escaping, enabling stored XSS. Because Electron windows are created with nodeIntegration: true and contextIsolation: false, a successful payload could access Node.js APIs and run code on the host. A...

8.3CVSS6AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2025/08/14 6:52 p.m.5 views

MAL-2025-8022 Malicious code in @hishprorg/dolorum-aut (npm)

The package @hishprorg/dolorum-aut was found to contain malicious code...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/06/10 7:40 p.m.44 views

Phar unserialization vulnerability in phpMussel

Impact What kind of vulnerability is it? Who is impacted? Anyone using = v1.0.0 = v1.6.0 the earliest safe version will resolve the problem. However, as multiple new major versions have been released since that version, upgrading to the latest available version is recommended, in order to protect...

9.8CVSS2.4AI score0.02597EPSS
Exploits0References7Affected Software2
Node.js
Node.js
added 2017/03/06 9:27 p.m.49 views

Unsafe eval()

Overview Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package...

7.5CVSS6.3AI score0.02497EPSS
Exploits0Affected Software1
Rows per page
Query Builder