The Lab · 2026-03-28 01:27:03 · GitHub Issues
The open-source package `filesniffer-1.0.3.tgz` has been found to contain a serious security vulnerability with a CVSS score of 6.5 (medium). The vulnerability does not reside in `filesniffer` itself but lurks deep in its dependency chain, at the path `/node_modules/filehound/node_modules/brace-expansion/package.json`. This means that any project that pulls in `filesniffer` could have its security defences quietly breached through this indirect dependency. The vulnerability, in the GitHub repository `GarySegal-Mend-DemoCorp/JuiceShop`, at a specific commit (55db57ec3f9859e87962c0bf25387e43480847f...
The Lab · 2026-03-30 05:26:55 · GitHub Issues
A widely used JavaScript library, 'brace-expansion', is exposing dependent projects to a medium-severity vulnerability with a CVSS score of 6.5. The vulnerability, tracked as CVE-2026-33750, is present in version 2.0.1 of the package, which is a direct dependency in affected projects. This library, which provides shell...
The Lab · 2026-03-30 05:26:57 · GitHub Issues
A widely used JavaScript library, 'brace-expansion', has been flagged for two newly disclosed vulnerabilities, with the most severe rated 6.5 on the CVSS scale. The findings, posted to a GitHub repository, indicate that version 2.0.1 of the package is directly affected, posing a potential risk to any project that inclu...
The Lab · 2026-03-30 05:27:00 · GitHub Issues
A widely used JavaScript library, brace-expansion, is actively exposing dependent projects to a medium-severity vulnerability with a CVSS score of 6.5. The issue, tracked as CVE-2026-33750, is present in version 2.0.1 of the package, which is a direct dependency in the reported project. This vulnerability is not an iso...
The Lab · 2026-04-17 08:22:53 · GitHub Issues
A critical security vulnerability in the widely used `brace-expansion` npm package has prompted an urgent dependency update. The flaw, tracked as CVE-2026-33750, allows a maliciously crafted brace pattern with a zero step value—such as `{1..2..0}`—to trigger an infinite loop in the sequence generation code. This causes...
The Lab · 2026-04-17 13:22:49 · GitHub Issues
A critical security vulnerability in the widely used `brace-expansion` npm package has triggered an urgent dependency update. The flaw, tracked as CVE-2026-33750, allows a maliciously crafted brace pattern with a zero step value—such as `{1..2..0}`—to cause the sequence generation loop to run indefinitely. This creates...