VDB

GCVE-110-OSM-2026-6941

GCVE-110-OSM-2026-6941
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 29, 2026
Malicious package detected. Behaviors: obfuscated code. ENTRY cli.js (bin: ./cli.js) OBFUSCATION - Decoded Unicode Escape Content in src/license.jsc (x3) - Hex Encoded Strings in src/license.jsc: ""\x72\x65\x74\x75\x72\x6e\x20\x74\x68\x69\x73"" - Unicode Escape Obfuscation in src/license.jsc: "\u0066\u0072\u006f\u006d\u0043\u006f\u0064\u0065\u0050\u006f\u0069\u006e\u0074" - Decoded Hex Escape Content in src/license.jsc (x2) - recovered 3 domains from decoded/deobfuscated content ADDITIONAL FINDINGS - Very New NPM Publisher Account - Rapid Version Publishing PAYLOAD FILES src/license.jsc INDICATORS (IOCs) - domains: b.pE, b.pw, X.Ga - payloadFileHash: adb8b65aa9afd71d9d164695ef50f71d7ab33860749c273780879ed48451ecdf

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@ibrahim1337/baksenall (affected)

References

advisory
vendor

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›