Lucene search

162 matches found

OSSF Malicious Packages
added 2025/06/18 8:51 a.m., 4 views

Malicious code in internal-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d884505401eed92805f1ab05ea82f7cb8f024bd1bc32a575f2068814a90a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2025/06/18 8:51 a.m., 0 views

MAL-2025-5160 Malicious code in internal-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d884505401eed92805f1ab05ea82f7cb8f024bd1bc32a575f2068814a90a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
Positive Technologies
added 2025/06/02 12:0 a.m., 3 views

PT-2025-50081

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform firmware (affected versions not specified) Description: An issue exists in Qualcomm embedded platform firmware related to the disclosure of system data to a controlled area. Exploitation of this issue may allow an...

6.7 CVSS, 6.2 AI score, 0.00012 EPSS
Exploits 0, References 9
RedhatCVE
added 2025/05/22 10:46 p.m., 4 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.8 CVSS, 7.1 AI score, 0.00428 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 5:8 a.m., 7 views

CVE-2016-3131

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls...

6.5 CVSS, 7 AI score, 0.00138 EPSS
Exploits 0, References 1
Snyk
added 2025/05/06 4:51 p.m., 2 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation: Upgrade...

8 CVSS, 7 AI score, 0.0021 EPSS
Exploits 0, References 2
NVD
added 2025/04/16 10:15 p.m., 15 views

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

6.1 CVSS, 0.00249 EPSS
Exploits 0, References 2
OSV
added 2025/04/16 10:15 p.m., 8 views

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

5.4 CVSS, 6.7 AI score
Exploits 0, References 2
Vulnrichment
added 2025/04/16 12:0 a.m., 7 views

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

6.1 CVSS, 6.3 AI score, 0.00249 EPSS
Exploits 0, References 2
Debian CVE
added 2025/04/16 12:0 a.m., 9 views

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

6.1 CVSS, 5.3 AI score, 0.00249 EPSS
Exploits 0
Cvelist
added 2025/04/16 12:0 a.m., 23 views

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

6.1 CVSS, 0.00249 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/04/16 12:0 a.m., 2 views

PT-2025-16910 · Ankitects · Anki

Name of the Vulnerable Software and Affected Versions: Ankitects Anki versions prior to 25.02 Description: The issue allows for attacker-controlled access to the internal API through a crafted shared deck, even without knowledge of an API key. This can be achieved through various methods, includi...

6.1 CVSS, 6.2 AI score, 0.00249 EPSS
Exploits 0, References 11
CVE
added 2025/04/16 12:0 a.m., 83 views

CVE-2025-43703

Anki (Ankitects) up to version 25.02 is affected by CVE-2025-43703, which allows attacker-controlled access to the internal API via a crafted shared deck, even without knowledge of an API key. The issue stems from an incomplete fix for CVE-2024-32484 and can be triggered through methods such as s...

6.1 CVSS, 6.3 AI score, 0.00249 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2025/03/06 4:15 p.m., 11 views

CVE-2024-58061

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARN_ON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

5.5 CVSS, 0.00024 EPSS
Exploits 0, References 6
OSV
added 2025/03/06 3:54 p.m., 8 views

CVE-2024-58061 wifi: mac80211: prohibit deactivating all links

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARN_ON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

5.5 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 0, References 9
Veracode
added 2025/02/11 6:59 a.m., 7 views

Remote Code Execution (RCE)

mitmproxy is vulnerable to Remote Code Execution (RCE). The vulnerability is due to mitmweb's proxy server allowing access to its internal API, allowing an attacker to perform SSRF and potentially escalate to remote code execution...

8.2 CVSS, 7.5 AI score, 0.03579 EPSS
Exploits 0, References 7, Affected Software 1
RedhatCVE
added 2025/02/08 6:23 p.m., 8 views

CVE-2025-23217

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2 CVSS, 7.5 AI score, 0.03579 EPSS
Exploits 0, References 1
SUSE CVE
added 2025/02/08 3:47 a.m., 1 views

SUSE CVE-2025-23217

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2 CVSS, 8.2 AI score, 0.03579 EPSS
Exploits 0, References 3
OSV
added 2025/02/06 6:15 p.m., 2 views

DEBIAN-CVE-2025-23217

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2 CVSS, 5.9 AI score, 0.03579 EPSS
Exploits 0, References 1
OSV
added 2025/02/06 6:15 p.m., 0 views

UBUNTU-CVE-2025-23217

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2 CVSS, 6 AI score, 0.03579 EPSS
Exploits 0, References 5