Fallos del tipo CWE-506

85 resultados

CVE-2017-16076—proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16055—`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16073—noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16079—smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16071—nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16066—opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16056—mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16045—`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16078—shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16057—nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2017-16205—The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installatEPSS 1.1%CVE-2017-16061—tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2025-59374CRITICAL"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced throEPSS 1.1%KEV CVE-2017-16062—node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.1%CVE-2023-2003CRITICALEmbedded malicious code vulnerability in Unitronics Vision1210EPSS 0.9%CVE-2025-32965CRITICALCompromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2EPSS 0.8%CVE-2017-16207—discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.EPSS 0.7%CVE-2017-20203CRITICALNetSarang v5.0 Malicious Backdoor Supply Chain CompromiseEPSS 0.6%CVE-2026-34424CRITICALSmart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access ToolkitEPSS 0.6%CVE-2025-10894CRITICALNx: nx/devkit: malicious versions of nx and plugins published to npmEPSS 0.5%

← anteriorpágina 3 / 5siguiente →