VYPR
Vendor

Nrwl

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2026-48027CriKEVMay 27, 2026
    risk 0.84cvss 9.8epss 0.02

    Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was…

  • CVE-2025-36852CriJun 10, 2025
    risk 0.61cvss epss 0.00

    A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request privileges to inject…

  • CVE-2025-10894CriSep 24, 2025
    risk 0.55cvss 9.6epss 0.01

    Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them…

  • CVE-2024-41908HigAug 13, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the…

  • CVE-2025-40800HigDec 9, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002),…

  • CVE-2024-7608MedAug 27, 2024
    risk 0.38cvss 5.9epss 0.00

    An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

  • CVE-2023-31179May 8, 2023
    risk 0.00cvss epss 0.01

    AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.

  • CVE-2023-31178May 8, 2023
    risk 0.00cvss epss 0.01

    AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.

  • CVE-2023-24507May 8, 2023
    risk 0.00cvss epss 0.01

    AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.