The product contains code that appears to be malicious in nature.
80 vulnerabilities with CWE-506
CVE-2025-30066
HIGH
KEV
tj-actions <46 - Info Disclosure
CVSS 8.6
CVE-2024-10938
MEDIUM
OVRI Payment 1.7.0 - Malicious File Execution
CVSS 6.5
CVE-2024-4978
HIGH
KEV
Justice AV Solutions Viewer Setup <8.3.7.250-1 - Code Injection
CVSS 8.4
CVE-2024-3094
CRITICAL
xz <5.6.0 - Code Injection
CVSS 10.0
CVE-2023-2003
CRITICAL
Vision1210 <4.3 - Code Injection
CVSS 9.1
CVE-2021-22887
LOW
Pulse Secure PSA5000/PSA7000 - Privilege Escalation
CVSS 2.3
CVE-2020-15165
CRITICAL
Chameleon Mini Live Debugger <1.1.6 - Info Disclosure
CVSS 9.3
CVE-2018-25117
CRITICAL
VestaCP <ee03eff - Code Injection
CVE-2017-20203
CRITICAL
NetSarang Xmanager Enterprise/Xshell/Xftp/Xlpd <5.0 - RCE
CVE-2017-20202
CRITICAL
Web Developer for Chrome <0.4.9 - Code Injection
CVE-2017-20201
CRITICAL
CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 (32-bit) - RCE
CVE-2017-16207
HIGH
discordi.js - Info Disclosure
CVSS 7.3
CVE-2017-16205
HIGH
Coffeescript - Info Disclosure
CVSS 7.5
CVE-2017-16204
HIGH
jQuery - Info Disclosure
CVSS 7.5
CVE-2017-16203
HIGH
Coffe-Script - Info Disclosure
CVSS 7.5
CVE-2017-16202
HIGH
Coffeescript - Info Disclosure
CVSS 7.5
CVE-2017-16128
CRITICAL
npm-script-demo - Command Injection
CVSS 9.8
CVE-2017-16081
HIGH
Cross-env.js - Information Disclosure
CVSS 7.5
CVE-2017-16080
HIGH
Nodesass - Information Disclosure
CVSS 7.5
CVE-2017-16079
HIGH
SMB - Information Disclosure
CVSS 7.5
CVE-2017-16078
HIGH
Shadowsock - Information Disclosure
CVSS 7.5
CVE-2017-16077
HIGH
Mongose - Information Disclosure
CVSS 7.5
CVE-2017-16076
HIGH
Proxy.js - Information Disclosure
CVSS 7.5
CVE-2017-16075
HIGH
Http-proxy.js - Information Disclosure
CVSS 7.5
CVE-2017-16074
HIGH
Crossenv - Information Disclosure
CVSS 7.5
Details
Vulnerabilities
80