@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1225 more potentially affected by CVE-2025-8082 via vuetify (>=2.0.0 <=3.0.0-beta.7)

vuetify NPM version =2.0.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8082 Source advisory: SNYK:JS-VUETIFY-14412705...

Malicious Package

Overview vuejs-accessibility is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-49064 Malicious code in vuejs-accessibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a06ba3db5dc9f82ea682ce485a98f9fe76e64ba482445a08306e872524603f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36763

Malicious code in vuejs-accessibility npm...

Malicious code in vuejs-accessibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a06ba3db5dc9f82ea682ce485a98f9fe76e64ba482445a08306e872524603f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-17579

Malicious code in bioql PyPI...

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVE-2025-5897

CVE-2025-5897 affects the Vue CLI (vue-cli) up to version 5.0.8, specifically the HtmlPwaPlugin.js in the Markdown Code Handler. The issue is an inefficient regular expression handling that can enable a Regular Expression Denial of Service (ReDoS) scenario and may be triggered remotely. Multiple ...

CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

Malicious code in zoomapps-texteditor-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b6be9c754c32184fac89d2d416b8d75cc15d7bb20219f8ace3c698d6e415fff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Bagisto 2.1.2 Client-Side Template Injection

Exploit Title: Bagisto 2.1.2 Client-Side Template InjectionCSTI VueJS Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://forums.bagisto.com/ Version: 2.1.2 Tested on: https://demo.bagisto.com/ https://demo.bagisto.com/bagisto-common/search?query=77 49...

Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike

Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...

G3W-SUITE 跨站脚本漏洞

G3W-SUITE is G3W-SUITE open source a framework built using Django and VueJs . A security vulnerability exists in G3W-SUITE version 3.5 that allows remote users to inject arbitrary web script or HTML and gain privileges via the description parameter...

Malicious code in meetingsdk-sample-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb53d02e988a276631d13cbb6486793e2858c3a6f266fb6601d395b5d6fd97d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-588 Malicious code in meetingsdk-sample-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb53d02e988a276631d13cbb6486793e2858c3a6f266fb6601d395b5d6fd97d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-951 Malicious code in vuewjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b899bfc2ad4cc34bb998c5775bb55e7aa7410d54e7fd924f62d666bae1ad40c6 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

MAL-2023-737 Malicious code in react-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a46729b2313e52604631a44fbc0c9a6e4dea2ce5ceb901b05e055a389bfcdf8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a46729b2313e52604631a44fbc0c9a6e4dea2ce5ceb901b05e055a389bfcdf8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-435 Malicious code in fe-core-components-vuejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d60e569c72a226b7f460fd4ee1792523d0c53a9206b27aef9a6d2774378754ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...