Malicious code in 0x2ai-demo10x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c4c4b3e66489f3a4383df5e62540498343c5ab3a5ce145df5733b2820efc71b On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, process.env.INITCWD, recursive: true , copying.mcp.json,...

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

PT-2026-5978

Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description The software initializes with authentication disabled due to the 'secureEnabled' flag being commented out in the 'server/settings.default.js' file. This allows unauthenticated remote attackers to access sensitive...

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

CVE-2025-63783

Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester’s ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...

EUVD-2011-0486

Malware in sbrugna...

EUVD-2020-0086

Malware in sbrugna...

EUVD-2022-24803

Malicious code in bioql PyPI...

CVE-2020-15120

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A. This vulnerability allows a attacker to modify user projects and/or device configurations.

The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B,...

PT-2024-29408 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version v1.2.13 Description: The issue is related to an incorrect authorization vulnerability that allows unauthorized users to access and manipulate projects within an organization they should not have access to. This...

Design/Logic Flaw

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

MeterSphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. MeterSphere version 2.9.0 before the security vulnerability , the vulnerability stems from allowing the administrator of a project to modify other projects under the workspace...

SUSE CVE-2011-0466

The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. A security vulnerability in all 2021.3.x versions prior to Octopus Server version 2021.3.12725 and all 2022.1.x versions prior to 2022.1.2454 stems from not properly validating permissions in the API for projects that use Git version control. Th...

GitLab Licensing Issue Vulnerability (CNVD-2021-91181)

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An authorization issue vulnerability exists in GitLab CE/EE, which can be...

CVE-2020-15120

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

CVE-2020-15120

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

CVE-2020-15120

CVE-2020-15120 concerns I hate money prior to 4.1.5, where an authenticated member of one project could modify or delete members of another project and access all bills of that project. Root cause involves insufficient project-scoped checks, enabling cross-project membership alterations once an a...