78 matches found

OSSF Malicious Packages
added 2026/05/20 1:04 a.m., 6 views

Malicious code in fca-eryxenx (npm)

Source: amazon-inspector 7569b032ce4e06251ebfe06b4fc124689f20ca0a7e14b5b2395dc7295bfa18c6. The package's documented login API (loginemail, password, twofactor) POSTs the caller's Facebook email, password, and 2FA secret to...

AI score 5.8
Exploits 0, References 1
NVD
added 2026/04/08 7:25 p.m., 2 views

CVE-2026-34721

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 6.5, EPSS 0.00019
Exploits 0, References 1
CVE
added 2026/04/08 6:12 p.m., 1 view

CVE-2026-34721

Zammad (web-based helpdesk) has a CSRF vulnerability in the OAuth callback endpoints for external credentials (Microsoft, Google, Facebook). Prior to versions 7.0.1 and 6.5.4, these endpoints do not validate the CSRF state parameter, enabling potential CSRF-like behavior in the OAuth flow. The is...

CVSS 6.5, AI score 5.9, EPSS 0.00019
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/04/08 12:00 a.m., 2 views

PT-2026-31418

Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 7.0.1 and prior to 6.5.4. Description: The OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This could allow an attacker to potentially compromise...

CVSS 5.9, AI score 5.9, EPSS 0.00019
Exploits 0, References 4
RedhatCVE
added 2025/12/06 10:52 p.m., 6 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3, AI score 6.8, EPSS 0.00015
Exploits 0, References 1
Cvelist
added 2025/11/08 8:27 a.m., 5 views

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible for unauthenticated attackers to extract...

CVSS 5.3, EPSS 0.00053
Exploits 0, References 2
CNVD
added 2025/10/17 12:00 a.m., 2 views

WordPress Felan Framework Improper Authentication Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP; a WordPress plugin is an application plugin for it. A vulnerability exists in the WordPress Felan Framework plugin, caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

CVSS 9.8, AI score 6.8, EPSS 0.00235
Exploits 0, References 1
EUVD
added 2025/10/16 6:47 a.m., 2 views

EUVD-2025-34721

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 5.9, EPSS 0.00235
Exploits 0, References 3
Vulnrichment
added 2025/10/16 6:47 a.m., 3 views

CVE-2025-10850 Felan Framework <= 1.1.4 - Hardcoded Credentials

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 5.7, EPSS 0.00235
Exploits 0, References 2
CNNVD
added 2025/10/16 12:00 a.m., 1 view

WordPress plugin Felan Framework Trust Management Issue Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP; a WordPress plugin is an application plugin for it. A vulnerability exists in the WordPress Felan Framework plugin, caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

CVSS 9.8, AI score 6.7, EPSS 0.00235
Exploits 0, References 2
RedhatCVE
added 2025/10/10 8:23 a.m., 6 views

CVE-2025-11522

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user function. This makes it possible for...

CVSS 9.8, AI score 5.9, EPSS 0.0028
Exploits 0, References 1
NVD
added 2025/10/09 8:15 a.m., 2 views

CVE-2025-11522

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user function. This makes it possible for...

CVSS 9.8, EPSS 0.0028
Exploits 0, References 2
Vulnrichment
added 2025/10/09 7:23 a.m., 3 views

CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user function. This makes it possible for...

CVSS 9.8, AI score 6.2, EPSS 0.0028
Exploits 0, References 2
Cvelist
added 2025/10/09 7:23 a.m., 6 views

CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user function. This makes it possible for...

CVSS 9.8, EPSS 0.0028
Exploits 0, References 2
CVE
added 2025/10/09 7:23 a.m., 34 views

CVE-2025-11522

CVE-2025-11522 is a high-severity vulnerability in the WordPress theme/plugin “Search & Go – Directory WordPress Theme” up to version 2.7. The root cause is insufficient validation in the search_and_go_elated_check_facebook_user() function, enabling an unauthenticated attacker to bypass authentic...

CVSS 9.8, AI score 5.9, EPSS 0.0028
Exploits 0, References 2
EUVD
added 2025/10/09 7:23 a.m., 4 views

EUVD-2025-33232

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user function. This makes it possible for...

CVSS 9.8, AI score 6, EPSS 0.0028
Exploits 0, References 3
Positive Technologies
added 2025/10/09 12:00 a.m., 3 views

PT-2025-41360

Name of the Vulnerable Software and Affected Versions: Search & Go - Directory WordPress Theme versions prior to 2.7. Description: The Search & Go - Directory WordPress Theme is susceptible to authentication bypass, potentially leading to account takeover. This occurs due to inadequate user validati...

CVSS 9.8, AI score 7, EPSS 0.0028
Exploits 0, References 8
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-34168

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.00357
Exploits 1, References 5
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-25633

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.4, EPSS 0.00196
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2023-33554

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.00425
Exploits 0, References 2