8226 matches found
MAL-2025-145583 Malicious code in nodemon-middleware-non-blocking-eclipse (npm)
Source: amazon-inspector 0911c18dba18f41ddc05e9ca6f4eb53d1a1290db69de8d120a48d8b7b16b0d46. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146663 Malicious code in prompts-elara-neptune-middleware (npm)
Source: amazon-inspector e88763e4db6d89db36b23e397b116aa485ef8cc5797796b29504d0df8bdf70c1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140813 Malicious code in cli-ursa-lyra-middleware (npm)
Source: amazon-inspector 404b7635e00676f5a1f01eb0daf4d7a14be165f5c23502d43264abd963cd7c7f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140218 Malicious code in bulma-middleware-procyon-buffer (npm)
Source: amazon-inspector a2da90094f5a03de39c5fd357369364e0b32f35ff16c2eb61f23441b9e23f3d8. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148009 Malicious code in slidev-mongoose-middleware-pegasus (npm)
Source: amazon-inspector e740fbc701afa1668b536493648225563f609e28680c2dced973d44fa761e5ff. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
SAP Business Connector OS Command Injection Vulnerability
SAP Business Connector is middleware from SAP, Germany. SAP Business Connector contains an operating system command injection vulnerability that could lead to the execution of arbitrary operating system commands...
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
VulnCheck KEV: CVE-2025-54123
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...
EUVD-2025-37960
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...
CVE-2025-55278
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...
CVE-2025-55278
CVE-2025-55278 affects HCL DevOps Loop. Concrete details across sources show improper authentication in the API authentication middleware, allowing tokens to be accepted without proper validation of expiration or cryptographic signature. Affected component is the API authentication layer; root ca...
HCL DevOps Loop Security Vulnerability
HCL DevOps Loop is a suite of code development platforms from HCL India. A security vulnerability exists in HCL DevOps Loop that stems from the API authentication middleware not properly validating token expiration times and cryptographic signatures, which could lead to the use of expired or...
EUVD-2025-37117
Malicious code in epic-okta-express-middleware npm...
MAL-2025-49176 Malicious code in epic-okta-express-middleware (npm)
Source: amazon-inspector 236ca6a4112270418e1024dd6136da781ae916d8e5e2db49347e687cd5c85ac0. The package epic-okta-express-middleware was found to contain malicious code...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...
EUVD-2025-36363
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
GHSA-Q7JF-GF43-6X6P Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Summary: A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details: The middleware previously copied the Vary header from the request when origin was not set to "". Since...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...