Lucene search

32 matches found

OSV
added 2026/05/20 1:56 a.m., 4 views

MAL-2026-4651 Malicious code in pulse-axios (npm)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector c64dad53e23f7fcba3813e9ae6caee3f9461f5e52194165da668e5332e78bb99 [email protected] declares a postinstall hook node ./lib/core/eval.js that on npm install issues fetch('http://localhost:3000/download/data'), reads th...

5.9 AI score
Exploits 0, References 3
RedhatCVE
added 2025/09/04 8:31 p.m., 8 views

CVE-2025-7974

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

3.7 CVSS, 6.4 AI score, 0.00073 EPSS
Exploits 0, References 1
OSV
added 2025/09/02 8:15 p.m., 2 views

CVE-2025-7974

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

7.5 CVSS, 5.9 AI score
Exploits 0, References 1
NVD
added 2025/09/02 8:15 p.m., 4 views

CVE-2025-7974

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

7.5 CVSS, 0.00073 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/09/02 7:46 p.m., 2 views

CVE-2025-7974 rocket.chat Incorrect Authorization Information Disclosure Vulnerability

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

3.7 CVSS, 4.3 AI score, 0.00073 EPSS
Exploits 0, References 1
Cvelist
added 2025/09/02 7:46 p.m., 7 views

CVE-2025-7974 rocket.chat Incorrect Authorization Information Disclosure Vulnerability

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

3.7 CVSS, 0.00073 EPSS
Exploits 0, References 1
CVE
added 2025/09/02 7:46 p.m., 14 views

CVE-2025-7974

CVE-2025-7974 affects rocket.chat. The vulnerability is an incorrect authorization flaw in the web service (listening on TCP port 3000 by default) that allows remote attackers to disclose sensitive information without authentication. The issue is documented with the ZDI advisory (ZDI-25-627) and ...

7.5 CVSS, 5.9 AI score, 0.00073 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2025/07/21 12:0 a.m., 4 views

PT-2025-30358

Name of the Vulnerable Software and Affected Versions rocket.chat affected versions not specified Description This issue allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this issue. The flaw exists within...

7.5 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/05/23 5:57 a.m., 2 views

CVE-2023-31634

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and...

9.8 CVSS, 7 AI score, 0.01027 EPSS
Exploits 0, References 1
OSV
added 2024/04/01 10:15 p.m., 3 views

CVE-2024-1863

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

9.8 CVSS, 6.3 AI score, 0.06129 EPSS
Exploits 0, References 1
NVD
added 2024/04/01 10:15 p.m., 9 views

CVE-2024-1863

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

9.8 CVSS, 10 AI score, 0.06129 EPSS
Exploits 0, References 1
CVE
added 2024/04/01 9:46 p.m., 69 views

CVE-2024-1863

Summary : CVE-2024-1863 affects Sante PACS Server. The vulnerability lies in the token endpoint handling HTTP requests on port 3000, where the token parameter is not properly validated before being used in SQL queries, enabling unauthenticated remote code execution in the context of NETWORK SERVI...

9.8 CVSS, 10 AI score, 0.06129 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/03/27 12:0 a.m., 2 views

TeslaMate Security Vulnerability

TeslaMate is an open source project, a self-hosted data logger for Tesla. A security vulnerability exists in versions of TeslaMate prior to 1.27.2. After accessing the IP address of a TeslaMate instance, an attacker could switch port to 3000 and enter Grafana to perform remote operations...

9.8 CVSS, 6.7 AI score, 0.00924 EPSS
Exploits 0, References 3
CVE
added 2024/03/27 12:0 a.m., 71 views

CVE-2023-31634

CVE-2023-31634 affects TeslaMate before 1.27.2, where an attacker can access port 4000 for remote viewing/operation and then switch to port 3000 to reach Grafana, using default Grafana credentials to enter the management console without authentication. This mirrors a related issue (CVE-2022-23126...

9.8 CVSS, 9.5 AI score, 0.00924 EPSS
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2024/03/26 12:0 a.m., 3 views

PT-2024-12286 · Teslamate +1 · Teslamate +1

Name of the Vulnerable Software and Affected Versions: TeslaMate versions prior to 1.27.2 Description: The issue allows unauthorized access to port 4000 for remote viewing and operation of user data. An attacker can access the IP address for the TeslaMate instance, switch the port to 3000 to ente...

9.8 CVSS, 7.1 AI score, 0.00924 EPSS
Exploits 0, References 6
Positive Technologies
added 2024/02/23 12:0 a.m., 2 views

PT-2024-18372 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this issue. The specific fla...

9.8 CVSS, 8.1 AI score, 0.06129 EPSS
Exploits 0, References 6
Zero Day Initiative
added 2024/02/23 12:0 a.m., 16 views

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the...

9.8 CVSS, 8.1 AI score, 0.06129 EPSS
Exploits 0
Zero Day Initiative
added 2023/11/30 12:0 a.m., 16 views

Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 300...

9.8 CVSS, 9.8 AI score, 0.02136 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2023/05/17 12:0 a.m., 23 views

Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 300...

9.8 CVSS, 7.5 AI score, 0.00192 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2022/10/27 12:0 a.m., 24 views

Delta Industrial Automation InfraSuite Device Master Device-DataCollect Service Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TC...

9.8 CVSS, 4.5 AI score, 0.00776 EPSS
Exploits 0, References 1