11 matches found
EUVD-2025-37260
Malicious code in salli-tg-api npm...
CVE-2023-37260
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
CVE-2024-37260
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5...
CVE-2024-37260 WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5...
WordPress Foxiz Theme <= 2.3.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: Foxiz; Type: Theme; Vulnerable versions: <= 2.3.5; Fixed in: 2.3.6; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-37260; Patch priority: Medium; CVSS severity: Medium 7.2; PSID: 150ccfe5f306; Credits: luc Require...
CVE-2023-37260
creationtimestamp | type | source
---|---|---
2023-07-06 20:20:35+00:00 | seen | https://t.me/cibsecurity/66146...
CVE-2023-37260
The CVE-2023-37260 issue affects league/oauth2-server (PHP). Root cause: when a server passed a CryptKey as a string instead of a file path and no valid pass phrase was provided, the key could be exposed in a LogicException message. Impact stated: potential exposure of the key in exception messag...
CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37260 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37260 Source advisory: OSV:GHSA-7F3X-2WCX-HWW8...
CVE-2022-37260
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
CVE-2022-37260 describes a Regular Expression Denial of Service (ReDoS) in the StealJS module loader, specifically in steal 2.2.4 via the input variable in main.js. The CVSS 3.1 base score is 7.5 (HIGH), with attack vector NETWORK, attack complexity LOW, and no privileges or user interaction requ...