Lucene search
K

1582 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.13 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 5:6 a.m.15 views

MAL-2026-5579 Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 5:6 a.m.10 views

MAL-2026-5581 Malicious code in webpack-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f5ce3525e99528190ba5217a777184e302d46050fc23bef173de6fda240eba Package impersonates the webpack ecosystem but is unrelated to webpack. When the exported middleware is invoked, index.js spawns a detached node...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.10 views

Malicious code in webpack-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f5ce3525e99528190ba5217a777184e302d46050fc23bef173de6fda240eba Package impersonates the webpack ecosystem but is unrelated to webpack. When the exported middleware is invoked, index.js spawns a detached node...

6.2AI score
Exploits0References1
OSV
OSV
added 2026/06/11 5:6 a.m.24 views

MAL-2026-5578 Malicious code in webpack-cache-clean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...

6.3AI score
Exploits0References1
OSV
OSV
added 2026/06/04 9:4 p.m.3 views

ROOT-APP-NPM-CVE-2024-29180 CVE-2024-29180 in @rootio/webpack-dev-middleware - Patched by Root

Root has patched CVE-2024-29180 in the @rootio/webpack-dev-middleware package for Root:npm. Multiple fixed versions available...

7.5CVSS8.3AI score0.01199EPSS
Exploits1
Snyk
Snyk
added 2026/06/03 1:43 p.m.12 views

Malicious Package

Overview webpack-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/03 1:43 p.m.10 views

MAL-2026-5175 Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/03 1:43 p.m.13 views

Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/06/01 3:43 p.m.7 views

Malicious Package

Overview xarc-webpack-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:0 p.m.15 views

Malicious code in xarc-webpack-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/25 10:0 p.m.10 views

MAL-2026-4352 Malicious code in xarc-webpack-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...

5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:51 p.m.7 views

Exposed Dangerous Method or Function

Overview @nuxt/webpack-builder is a Webpack bundler for Nuxt Affected versions of this package are vulnerable to Exposed Dangerous Method or Function when using webpack or rspack builder and navigating to a malicious website. An attacker can inject a script tag to request a classic script, which ...

5.9CVSS5.6AI score0.00325EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41963

Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...

5.9CVSS5.3AI score0.00208EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/05/18 1:31 p.m.32 views

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

6.5CVSS6.5AI score0.00427EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2026/05/18 1:31 p.m.7 views

GHSA-79CF-XCQC-C78W webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/18 1:31 p.m.11 views

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/18 1:31 p.m.29 views

EUVD-2026-29404

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.72 views

Linux Distros Unpatched Vulnerability : CVE-2026-6402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/13 2:26 p.m.10 views

SUSE CVE-2026-6402

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder