3 matches found
GHSA-JWQ7-6J4R-2F92 Prebid.js NPM package briefly compromised
Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches 10.10.0 is solved References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...
CVE-2025-59038
Prebid.js (npm package) CVE-2025-59038 concerns the 10.9.2 release being briefly compromised by malware that redirected cryptocurrency transactions to the attacker’s wallet. The issue is addressed in version 10.10.0; a workaround is downgrading to 10.9.1. This CVE is tied to the Prebid.js npm pac...
CVE-2025-8023
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...