VDB

GCVE-110-OSM-2026-5997

GCVE-110-OSM-2026-5997
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 15, 2026
Malicious package detected. Behaviors: code execution. ADDITIONAL FINDINGS - Global Require Alias in src/bootstrap.js: "global['r']=require" PAYLOAD FILES src/bootstrap.js INDICATORS (IOCs) - blockchain: - TRON wallet #1: TMfKQEd7TJJa5xNZJZ2Lep838vrzrs7mAP - TRON wallet #2: TXfxHUet9pJVU1BgVkBAbrES4YUc1nGzcG - Hash #1: 0xbe037400670fbf1c32364f762975908dc43eeb38759263e7dfcdabc76380811e - Hash #2: 0x3f0e5781d0855fb460661ac63257376db1941b2bb522499e4757ecb3ebd5dce3 - urls: https://www.mbparvez.me - domains: www.mbparvez.me - payloadFileHash: 8c031bc55a321bae573f52f953e383c949b57225cc004d1f3c15300f770c0af3

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowntailwind-color-shadesall (affected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›