794 matches found
EUVD-2025-144549
Malicious code in augis-pomdoi9r-osaissc npm...
EUVD-2025-144824
Malicious code in vishalpandey npm...
EUVD-2025-112978
Malicious code in halley-cressida-gacrux-hyperion npm...
EUVD-2025-103096
Malicious code in patria-gorengan8-riris npm...
EUVD-2025-87395
Malicious code in zul-dradag47-miaww npm...
EUVD-2025-80011
Malicious code in wittyhare0xrequest npm...
EUVD-2025-70356
Malicious code in fitri-sate14-ruro npm...
EUVD-2025-64793
Malicious code in contemporarysquirrelz3n npm...
EUVD-2025-65141
Malicious code in boredmanateez3n npm...
EUVD-2025-52540
Malicious code in purring-coral-grouse npm...
EUVD-2025-56652
Malicious code in vida-teh63-sluey npm...
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
CVE-2025-64502
Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
EUVD-2025-41929
Malicious code in surya-brongkos49-sluey npm...
EUVD-2025-41059
Malicious code in fauzi-donat87-riris npm...
EUVD-2025-40951
Malicious code in tiara-gembus69-miaww npm...
Astra Linux - уязвимость в thunderbird
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
Malicious Package
Overview chai-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview redirect-zoju4g is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...