
126 matches found

ATTACKERKB
added 2026/05/22 4:12 p.m. · 1 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

CVSS 8.7 · AI score 6 · EPSS 0.00031
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2026/05/22 4:12 p.m. · 3 views

EUVD-2026-31466

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

CVSS 8.7 · AI score 6 · EPSS 0.00031
Exploits 0 · References 3

OSV
added 2026/04/14 1:10 p.m. · 1 views

JLSEC-2026-100 Deno is vulnerable to race condition via interactive permission prompt spoofing

Impact: Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...

CVSS 7.5 · AI score 7 · EPSS 0.00336
Exploits 1 · References 4

Tenable Nessus
added 2025/11/18 12:0 a.m. · 2 views

Mozilla Firefox < 58.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 58.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-02 advisory. - Mozilla developers and community members Calixte Denizet, Christian Holler, Alex Gaynor, Yoshi Huang, Bob...

CVSS 10 · AI score 7.9 · EPSS 0.3543
Exploits 0 · References 33

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-16878

Malware in sbrugna...

CVSS 9.8 · AI score 9 · EPSS 0.01772
Exploits 0 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2010-0191

Malware in sbrugna...

CVSS 10 · AI score 9.1 · EPSS 0.05179
Exploits 0 · References 26

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-38981 Malicious code in web-worker-swc-plugin (npm)

The package web-worker-swc-plugin was found to contain malicious code...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in web-worker-swc-plugin (npm)

The package web-worker-swc-plugin was found to contain malicious code...

AI score 7
Exploits 0

Tenable Nessus
added 2025/08/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to...

CVSS 6.5 · AI score 7.5 · EPSS 0.00142
Exploits 0 · References 2

Tenable Nessus
added 2025/08/08 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-12387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This...

CVSS 8.1 · AI score 8.3 · EPSS 0.01742
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 5:52 a.m. · 2 views

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00336
Exploits 1 · References 1

OSV
added 2024/08/23 11:8 a.m. · 2 views

OESA-2024-2058 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...

CVSS 6.5 · AI score 8.5 · EPSS 0.00142
Exploits 0 · References 2

SUSE CVE
added 2024/06/04 12:33 p.m. · 1 views

SUSE CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

CVSS 7.5 · AI score 7.3 · EPSS 0.00336
Exploits 1 · References 3

RedHat Linux
added 2024/05/16 6:53 p.m. · 2 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

CVSS 5.9 · AI score 7.2 · EPSS 0.00937
Exploits 0 · References 6

RedHat Linux
added 2024/05/16 6:20 p.m. · 1 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

CVSS 5.9 · AI score 7.2 · EPSS 0.00937
Exploits 0 · References 6

RedHat Linux
added 2024/05/16 5:20 p.m. · 2 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

CVSS 5.9 · AI score 7.2 · EPSS 0.00937
Exploits 0 · References 6

RedHat Linux
added 2024/05/16 4:52 p.m. · 2 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

CVSS 5.9 · AI score 7.2 · EPSS 0.00937
Exploits 0 · References 6

OSV
added 2024/05/14 6:15 p.m. · 2 views

DEBIAN-CVE-2024-4769

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird...

CVSS 5.9 · AI score 6.9 · EPSS 0.00937
Exploits 0 · References 1

Positive Technologies
added 2023/08/08 12:0 a.m. · 1 views

PT-2023-27003 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: SES versions 0.13.0 through 0.13.4; SES versions 0.14.0 through 0.14.4; SES versions 0.15.0 through 0.15.23; SES versions 0.16.0 through 0.16.0; SES versions 0.17.0 through 0.17.0; SES versions 0.18.0 through 0.18.6. Description: There is a hole in...

CVSS 9.8 · AI score 9.7 · EPSS 0.01798
Exploits 1 · References 15

SUSE CVE
added 2023/02/15 6:0 a.m. · 1 views

SUSE CVE-2010-0160

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibl...

CVSS 10 · AI score 8 · EPSS 0.05179
Exploits 0 · References 6