Lucene search
K

14 matches found

OSV
OSV
added 2026/06/22 6:16 p.m.3 views

DEBIAN-CVE-2026-49356

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.6CVSS6AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-49356

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.6CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 4:7 p.m.30 views

CVE-2026-49356 Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.2CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:7 p.m.64 views

CVE-2026-49356

CVE-2026-49356 affects @babel/core (Babel) prior to versions 8.0.0-rc.6 and 7.29.6. The issue allows an arbitrary file read via a sourceMappingURL comment in the input code, enabling reading of source maps from the system running Babel when the attacker controls the input source code and knows th...

3.6CVSS6AI score0.00116EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:14 p.m.102 views

@babel/core: Arbitrary File Read via sourceMappingURL Comment

Impact Using @babel/core to compile maliciously crafted code can allow ab attacker to read any source map from the system that is running Babel, if these conditions are all true: - the attacker controls the input source code - the attacker can read the output source code - the attacker knows the...

3.6CVSS5.3AI score0.00116EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the source mapping and debugging file searching mechanisms, which did not limit the scope of the projects. A...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References2
Gitee
Gitee
added 2025/09/13 8:20 a.m.82 views

browserify-sourcemap-poc

This is a proof-of-concept repository for browserify source mapping. The repository contains a index.js file that reads the contents of three JavaScript files foo.js, bar.js, and sub/foo.js and creates a source map for each file. The source map is then used to map the original source code to the...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-23382

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service ReDoS via getAnnotationURL and loadAnnotation in lib/previous-map.js. T...

7.5CVSS6.7AI score0.02508EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.5 views

IBM OpenPages 安全漏洞

IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance GRC solution from International Business Machines IBM. A security vulnerability exists in IBM OpenPages versions 8.3 and 9.0 that stems from the potential to disclose information about client source code to unauthorize...

4.3CVSS6.4AI score0.00304EPSS
Exploits0References3
OSV
OSV
added 2023/06/02 5:15 p.m.2 views

CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1CVSS7AI score0.00315EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.3 views

CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1CVSS6.7AI score0.00315EPSS
Exploits0References3
OSV
OSV
added 2023/04/12 12:0 a.m.7 views

UBUNTU-CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1CVSS6.7AI score0.00315EPSS
Exploits0References4
OSV
OSV
added 2022/01/07 12:21 a.m.5 views

GHSA-566M-QJ78-RWW5 Regular Expression Denial of Service in postcss

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service ReDoS via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...

5.3CVSS7.1AI score0.02508EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2021/04/26 3:23 p.m.0 views

CVE-2021-23382

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service ReDoS via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

7.5CVSS5.4AI score0.02508EPSS
Exploits1References4
Rows per page
Query Builder