Fallos del tipo CWE-506

85 resultados

CVE-2024-3094CRITICALXz: malicious code in distributed sourceEPSS 86.0%CVE-2026-33634CRITICALTrivy ecosystem supply chain briefly compromisedEPSS 60.4%KEV CVE-2025-30066HIGHtj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were afEPSS 41.0%KEV CVE-2024-4978HIGHMalicious Code in Justice AV Solutions (JAVS) ViewerEPSS 26.9%KEV CVE-2025-54313HIGHeslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected pEPSS 4.1%KEV CVE-2026-45321CRITICALMalware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keysEPSS 2.3%KEV CVE-2025-30154HIGHMultiple Reviewdog actions were compromised during a specific time periodEPSS 2.3%KEV CVE-2026-48027CRITICALCompromised Nx Console version 18.95.0EPSS 1.8%KEV CVE-2017-16044—`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.5%CVE-2017-16128—The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.EPSS 1.5%CVE-2026-8398CRITICALA supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434)EPSS 1.4%KEV CVE-2020-15165CRITICALPotentially tampered sources on Play Store for Chameleon Mini Live DebuggerEPSS 1.3%CVE-2017-16081—cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.3%CVE-2017-16051—`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.3%CVE-2017-16047—mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.3%CVE-2017-16077—mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.2%CVE-2017-16054—`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.2%CVE-2017-16065—openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.2%CVE-2017-16048—`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.2%CVE-2017-16049—`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.EPSS 1.2%

← anteriorpágina 1 / 5siguiente →