14 matches found
EUVD-2025-36969
Malicious code in intaffirmcontrollers npm...
MAL-2025-49097 Malicious code in int_affirm_controllers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c121a8e42740e77bf8fbd68555baf163e58d04b145e5ad42bbc0feb3a087628 The package intaffirmcontrollers was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-14137 Malicious code in affirm-assets (npm)
The package affirm-assets was found to contain malicious code...
Malicious code in affirm-assets (npm)
The package affirm-assets was found to contain malicious code...
MAL-2025-23259 Malicious code in int_affirm_sfra (npm)
The package intaffirmsfra was found to contain malicious code...
MAL-2025-5886 Malicious code in affirm-stories (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d272936a4eff29177065edbae96d257f877dfa97b8ccc9f9bef126d0b7552659 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in affirm-stories (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d272936a4eff29177065edbae96d257f877dfa97b8ccc9f9bef126d0b7552659 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in affirm-requests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8362ed1e225a9ca3a2a0f89805a87e4e190435fbb30755f6a7602849269c7499 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7924 Malicious code in affirm-requests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8362ed1e225a9ca3a2a0f89805a87e4e190435fbb30755f6a7602849269c7499 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Affirm says Evolve Bank data breach also compromised some of its customers
Buy now, pay later payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K, submitted to the Securities and Exchange Commission SEC, Affirm states: “Because the...
Evolve Bank Data Breach Puts Affirm Cardholders Info at Risk
Affirm cardholders beware! Data breach at Evolve Bank, the issuer of Affirm credit cards, may expose personal information.…...
Affirm: IDOR to view order information of users and personal information
Summary: Broken access control is the method of controlling which users can perform a certain type of action or view set of data. Broken access control is a vulnerability that allows an attacker to circumvent those controls and perform more actions than they are allowed to, or view content they...
Affirm: Subdomain takeover of www█████████.affirm.com
Summary Hi there, assuming you want this report as your policy mentions Affirm resources with third-parties, but the scope was a little unclear. Regardless, www█████.affirm.com points to an AWS S3 bucket affirm-prod-www-cms█████████ that no longer exists. I was able to take control of this bucket...
Affirm: Open Redirect
Open Redirect Vulnerability: URL : https://www.affirm.com/ User can be redirect to malicious site POC:https://www.affirm.com///google.com/?www.affirm.com/?category=interview&page=2 I hope you know the impact of open redirect and more info refer https://cwe.mitre.org/data/definitions/601.html Impa...