241 matches found
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
Malicious code in @klapp-otp/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...
CVE-2026-9185
CVE-2026-9185 affects the WordPress plugin 6Storage Rentals (versions
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
CVE-2026-36719
AgentChat v2.3.0 contains an information disclosure vulnerability in the /api/v1/user/info endpoint. The flaw allows unauthenticated attackers to enumerate user IDs and access sensitive data, including SHA-256 password hashes. Publicly available documents do not provide a confirmed root cause or ...
PT-2026-47684
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the six storage get user info and six storage update profile AJAX actions. This is due to the six storage getUserInfo...
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
BIT-NEO4J-2026-1471 Caching of authentication context
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.1.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We recomme...
Malicious code in itc-actors-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...
MAL-2026-4633 Malicious code in osep-api-hub-service-client-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...
Malicious code in omnius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aceac0879b587bc711c3f156bf0de4bab90f3774816a6cbeb36a2cf9bb03e12 The package's postinstall lifecycle hook launches dist/postinstall-daemon.cjs, which combines childprocess.execSync, os.userInfo, filesystem probes,...
org.keycloak/keycloak-services: Open redirect when using wildcard valid redirect URIs in Keycloak
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
org.keycloak/keycloak-services: Open redirect when using wildcard valid redirect URIs in Keycloak
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
MAL-2026-4418 Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
CVE-2026-7504
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
CVE-2026-7504 Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
CVE-2026-7504
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...