Loading...
Loading...
8,637 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an att…
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowin…
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions proces…
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token.
IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123.
EchelonGraph correlates every CVE — across CWE-200 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →