Lucene search
K

136 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 4:49 p.m.3 views

Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data

Summary Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...

6.2CVSS7AI score0.00478EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.4 views

SUSE SLES15 / openSUSE 15 Security Update : ghc-pandoc (SUSE-SU-2025:02037-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02037-1 advisory. - CVE-2024-38526: Fixed Polyfill Supply Chain Attack bsc1227690. Tenable has extracted the preceding description block directly from the...

7.2CVSS8.3AI score0.03832EPSS
Exploits0References4
OSV
OSV
added 2025/06/23 10:41 p.m.5 views

GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...

9.1CVSS6.3AI score0.00359EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/06/23 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2025:02037-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS9.5AI score0.03832EPSS
Exploits0References4
OSV
OSV
added 2025/06/20 9:40 a.m.3 views

SUSE-SU-2025:02037-1 Security update for ghc-pandoc

This update for ghc-pandoc fixes the following issues: - CVE-2024-38526: Fixed Polyfill Supply Chain Attack bsc1227690...

7.2CVSS5.8AI score0.03832EPSS
Exploits0References3
Snyk
Snyk
added 2025/06/13 2:8 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...

8.5CVSS5.6AI score0.0035EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 3:14 a.m.3 views

Malicious code in media-recorder-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a0ea0109d577f9df113fa325e2972e99d701b2a51a9453305c09381bd93d902 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/06/10 3:14 a.m.2 views

MAL-2025-4850 Malicious code in media-recorder-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a0ea0109d577f9df113fa325e2972e99d701b2a51a9453305c09381bd93d902 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/05/19 8:0 a.m.4 views

MAL-2025-3992 Malicious code in feast-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/19 8:0 a.m.3 views

Malicious code in feast-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/04/03 5:36 a.m.6 views

MAL-2025-3126 Malicious code in whatwg-node-fetch-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/14 3:56 p.m.15 views

CVE-2025-27789

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.2AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2025/03/11 8:15 p.m.7 views

UBUNTU-CVE-2025-27789

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.5AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2025/03/11 7:9 p.m.4 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.9AI score0.00478EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/11 7:9 p.m.12 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.3AI score0.00478EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/09 3:12 a.m.2 views

Malicious code in nodes-polyfill-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/12/09 3:12 a.m.3 views

MAL-2024-11408 Malicious code in nodes-polyfill-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/09 3:10 a.m.4 views

Malicious code in node-polyfill-webpack-plugins (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/12/09 3:10 a.m.3 views

MAL-2024-11407 Malicious code in node-polyfill-webpack-plugins (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/18 8:41 p.m.4 views

Malicious code in bsc-stdlib-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df99335a79394c76ec65c4c11bd937510961ba93b67e631d560753ab61a735b6 The OpenSSF Package Analysis project identified 'bsc-stdlib-polyfill' @ 0.0.1 npm as malicious. It is considered malicious because: - The packag...

6.9AI score
Exploits0
Rows per page
Query Builder