@ids-sandbox/npm-test (>=0.0.1 <=0.0.6), ids-enterprise (>=4.67.0 <=4.68.6) +1 more potentially affected by unknown CVE via ids-css (=1.5.0)

ids-css NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on ids-css and may be impacted: - @ids-sandbox/npm-test =0.0.1, =4.67.0, =14.3.1, =17.2.1-dev.20240108 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191106...

EUVD-2025-178600

Malicious code in hash-char-new-alert-sandbox npm...

EUVD-2025-37078

Malicious code in epic-web-payment-management-sandbox npm...

Malicious code in sandbox-report-cat-orchestrate-orchestrate (npm)

The package sandbox-report-cat-orchestrate-orchestrate was found to contain malicious code...

Arbitrary Code Execution

Overview sandbox is a nifty javascript sandbox for node.js. Affected versions of this package are vulnerable to Arbitrary Code Execution through this.constructor.constructor. An attacker can execute arbitrary code in the system by evaluating payloads that have access to the main context, such as...