CWE-506

Embedded Malicious Code

Parent: CWE-912 - Hidden Functionality

The product contains code that appears to be malicious in nature.

75 vulnerabilities with CWE-506
CVE-2026-28353
Trivy VSCode Extension 1.8.12 - Code Injection
CVE-2024-10938 MEDIUM
OVRI Payment 1.7.0 - Malicious File Execution
CVSS 6.5
CVE-2025-59374 CRITICAL KEV
ASUS Live Update - Unintended Actions
CVSS 9.8
CVE-2018-25117
VestaCP <ee03eff - Code Injection
CVE-2017-20203
NetSarang Xmanager Enterprise/Xshell/Xftp/Xlpd <5.0 - RCE
CVE-2017-20202
Web Developer for Chrome <0.4.9 - Code Injection
CVE-2017-20201
CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 (32-bit) - RCE
CVE-2025-55556 MEDIUM
TensorFlow <2.18.0 - Info Disclosure
CVSS 6.5
CVE-2025-10894 CRITICAL
Nx < unknown - Code Injection
CVSS 9.6
CVE-2025-59145
color-name <2.0.1 - RCE
CVE-2025-59331
is-arrayish <0.3.3 - Code Injection
CVE-2025-59330
error-ex 1.3.3 - Code Injection
CVE-2025-59162
color-convert 3.1.1 - Command Injection
CVE-2025-59144
debug <4.4.2 - Code Injection
CVE-2025-59143
color <5.0.1 - Code Injection
CVE-2025-59142
color-string 2.1.1 - Open Redirect
CVE-2025-59141
simple-swizzle 0.2.3 - Code Injection
CVE-2025-59140
backlash <0.2.1 - Code Injection
CVE-2025-59039
PUC <1.17.3 - Info Disclosure
CVE-2025-59038
Prebid.js <10.9.2 - Open Redirect
CVE-2025-59037
DuckDB <1.3.3 - Info Disclosure
CVE-2025-8217 MEDIUM
Amazon Q Developer VS Code <1.85.0 - Info Disclosure
CVSS 4.0
CVE-2025-54313 HIGH KEV
eslint-config-prettier <10.1.7 - Code Injection
CVSS 7.5
CVE-2025-32965
xrpl.js <4.2.1-4.2.4, 2.14.2 - Code Injection
CVE-2025-30154 HIGH KEV
reviewdog/action-setup <v1 - RCE
CVSS 8.6