javascript
38 articles with this tag
HIGH
INFO
MEDIUM
MEDIUM
MEDIUM
CRITICAL
MEDIUM
CRITICAL
INFO
INFO
MEDIUM
MEDIUM
HIGH
MEDIUM
MEDIUM
MEDIUM
CRITICAL
CRITICAL
HIGH
CRITICAL
CRITICAL
MEDIUM
CRITICAL
CRITICAL
MEDIUM
HIGH
MEDIUM
HIGH
MEDIUM
INFO
LOW
LOW
MEDIUM
HIGH
MEDIUM
INFO
CRITICAL
HIGH
Fake software on GitHub and SourceForge distribute Deno RAT
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
CVE-2026-8711 NGINX JavaScript vulnerability
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
USN-8276-1: Highlight.js vulnerability
Funnel Builder WordPress plugin bug exploited to steal credit cards
[NEW] [medium] Angular: Vulnerability allows manipulation of data
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
We analysed almost 100 UK charity websites and found that ~1 in 6 are running vulnerable JavaScript dependencies.
Chromium: CVE-2026-5862 Inappropriate implementation in V8
Chromium: CVE-2026-5873 Out of bounds read and write in V8
Chromium: CVE-2026-5893 Race in V8
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Critical flaw in Protobuf library enables JavaScript code execution
[UPDATE] [high] Node.js: Multiple vulnerabilities
[NEW] [medium] Vercel Next.js: Vulnerability allows denial of service
Max severity Flowise RCE vulnerability now exploited in attacks
Critical Flowise Vulnerability in Attacker Crosshairs
Cracking a Malvertising DGA From the Device Side
Axios npm Supply Chain Compromise
HUGE supply chain attack
[NEW] [medium] Node.js: Multiple vulnerabilities
[NEW] [high] Angular: Vulnerability allows cross-site scripting
Smashing Security podcast #458: How not to steal $46 million from the US government
New PhantomRaven NPM attack wave steals dev data via 88 packages
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
What 5 Million Apps Revealed About Secrets in JavaScript
Making sure you're not a bot!
Making sure you're not a bot!
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
USN-8041-1: Dottie vulnerability
VU#458422: CASL Ability contains a prototype pollution vulnerability
Pompelmi: Open-source secure file upload scanning for Node.js
Critical RCE bugs expose the n8n automation platform to host‑level compromise
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time