Lucene search
K

11 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:42 a.m.10 views

Malicious code in animatecss-postcss-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/26 1:42 a.m.8 views

MAL-2026-6495 Malicious code in animatecss-postcss-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:0 p.m.10 views

Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/19 3:0 p.m.10 views

MAL-2026-6218 Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

5.5CVSS6AI score0.00135EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 3:4 a.m.14 views

Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/13 3:4 a.m.16 views

MAL-2026-5728 Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:43 p.m.14 views

Malicious code in vite-plugin-compress-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7b2710441863a429a2a1833e06f54e9afc23c87d1b40d7ee09e1995c6a65c2 On module load, this Vite plugin performs an HTTP GET to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable paste host and passes the response'...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.26 views

PT-2026-34613

Name of the Vulnerable Software and Affected Versions Nuclei versions 3.0.0 through 3.7.9 Description A flaw in the JavaScript protocol runtime's module loading system allows JavaScript templates to read local .js and .json files from the host filesystem. This occurs because the require function...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References11
Snyk
Snyk
added 2025/10/10 8:41 p.m.5 views

Arbitrary Code Injection

Overview org.webjars.npm:happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...

9CVSS7.8AI score0.00599EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.5 views

OcoMon 安全漏洞

OcoMon is a helpdesk system by the individual developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. A security vulnerability exists in OcoMon version 4.0, which stems from unknown handling of the file...

6.9CVSS4.6AI score0.00417EPSS
Exploits0References6
Rows per page
Query Builder