EUVD-2025-198068
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...
CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...
PT-2025-47393
Name of the Vulnerable Software and Affected Versions: mihomo version 1.19.11. Description: An access control issue exists in mihomo version 1.19.11. Authenticated attackers with limited privileges can read arbitrary files with higher privileges. This is achieved by obtaining an external control key...
CVE-2025-9982
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...
EUVD-2025-197612
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...
CVE-2025-9982 Hard-coded admin credentials in Quick.CMS
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...
PT-2025-46953
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8. Description: A flaw exists where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This allows attackers with access to the source code or the server file system to retrieve...
CVE-2025-64726
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...
CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...
MAL-2025-190384 Malicious code in xerxes-coronalmassejection-flare-filament (npm)
Source: amazon-inspector 3eba865e2a9d624b3c624e257f0dd29415c690c76db7f860ba2d9d5944ad28be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46904
Name of the Vulnerable Software and Affected Versions: Socket Firewall versions prior to 0.15.5. Description: Socket Firewall is an HTTP/HTTPS proxy server designed to enforce security policies by blocking dangerous packages. Versions of Socket Firewall prior to 0.15.5 are susceptible to arbitrary...
Malicious code in poliaoz-aiksdfo-alfdaasduggsdion (npm)
Source: amazon-inspector b53eef561f1b516428d1b7e17aecbde9bdb410de0bef3d46d1c4a294460a2417 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imodiov-koifi-cuidcg (npm)
Source: amazon-inspector 8d687eed4ffb353a798f717155ce5df7a920ae1166cae2af20ef04caf998d8ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuilava-drae-naha (npm)
Source: amazon-inspector 17e50aa127f0c0d68b5c67885366f53a703c73bb10d324892500b7d34b53fa96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-kore40 (npm)
Source: amazon-inspector 0000140c3a3bc0594deb109b89a13656ce69ce9dbf86493d793103fa04490d53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cindy-tomat8-sluey (npm)
Source: amazon-inspector b6bf6116f4e63e0fca65943d0ac151091f1d3a9da54ba2b2908e83165e8fb595 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138181 Malicious code in yanti-bakwan75-sluey (npm)
Source: amazon-inspector 50f2c9712fc5213b5d8c5756529de2c02f4576a7947541194290b8a5892b66b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kiki-nasi33-miaww (npm)
Source: amazon-inspector 5bfbd4f9c061bb1e9d568dce3db004d74890c446c9c8ab3f981cdf992708aafb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116470 Malicious code in prospective_canid_z3n (npm)
Source: amazon-inspector 18b8184d6210c4e4d2efc51af929d6da4b33ed14e3310c57d18155d1d3174a01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...