EUVD-2025-199458

Malicious code in @oku-ui/tooltip npm...

@oku-ui/alert-dialog (>=0.0.1 <=0.6.1), @oku-ui/dialog (>=0.4.0 <=0.6.1) +6 more potentially affected by unknown CVE via @oku-ui/portal (=0.6.1)

@oku-ui/portal NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/portal and may be impacted: - @oku-ui/alert-dialog =0.0.1, =0.4.0, =0.4.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0-alpha.6, =0.4.0, =0.6.1 Source cves: unknown CVE Source...

@oku-ui/hover-card (>=0.4.0 <=0.6.1), @oku-ui/primitives (>=0.4.0 <=0.6.1) +2 more potentially affected by unknown CVE via @oku-ui/visually-hidden (=0.6.1)

@oku-ui/visually-hidden NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/visually-hidden and may be impacted: - @oku-ui/hover-card =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory:...

Malicious code in @oku-ui/tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a877d67aa9ecc5ce75cbb742bfc5ec14376ac9423b13080e69cda80ce1f536e1 The package @oku-ui/tooltip was found to contain malicious code. Source: google-open-source-security...

Malicious code in @frozen-ui/tooltip (npm)

The package @frozen-ui/tooltip was found to contain malicious code...

Malicious code in @gthwebdev/ui-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62aaab200b33789e76005a82f8665eaec345f6c173d63c8fdae72dff0cc2855d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10282 Malicious code in ui-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ec8e71cd55c69aa20854cfdc8a408f5591d35551b0d09cfa0bbdd9f148a7401 The OpenSSF Package Analysis project identified 'ui-tooltip' @ 1.1.2 npm as malicious. It is considered malicious because: - The package...

Malicious code in ui-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ec8e71cd55c69aa20854cfdc8a408f5591d35551b0d09cfa0bbdd9f148a7401 The OpenSSF Package Analysis project identified 'ui-tooltip' @ 1.1.2 npm as malicious. It is considered malicious because: - The package...

jquery-ui: XSS vulnerability in default content in Tooltip widget

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

DEBIAN-CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...