MAL-2026-3597 Malicious code in @draftlab/auth-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @draftlab/auth-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3596 Malicious code in @draftlab/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

dnsmasq_2.92_pocs

dnsmasq 2.92 — Proof of Concepts Self-contained reproduction...

Malicious code in @uipath/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b81e35e62a526162bdd6479e8f80cea429ab1ea1ec96b59475750d7fb8cb32e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @beproduct/nestjs-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eead7b1c6446924fec345e042b8bd966ea184deae755f876326cf99040f5f107 The package @beproduct/nestjs-auth was found to contain malicious code. Source: ghsa-malware...

CVE-2023-27753

CVE-2023-27753 describes an arbitrary file upload vulnerability in MK-Auth 23.01K4.9 that allows attackers to execute arbitrary code by uploading a crafted PHP file. The Red Hat, EUVD, NVD and CVE records corroborate the same description. The core issue is a file upload flaw enabling remote code ...

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows an attacker to access and send support calls for other users by manipulating the chamado parameter via a crafted GET request. The documents do not provide details on exploited versions, specific vectors beyond the parameter manipulat...

Mk-Auth 安全漏洞

Mk-Auth is a Brazilian internet service provider management system developed by Mk-Auth company. It is used to control client access and permissions through a network interface panel. Version 23.01K4.9 of MK-Auth contains a security vulnerability caused by insecure direct object references. This...

MK-AUTH 安全漏洞

MK-AUTH is a set of access control systems developed by Pedro Filho in Brazil. Version 23.01K4.9 of MK-AUTH contains security vulnerabilities. These vulnerabilities stem from arbitrary file uploads, which may allow attackers to execute arbitrary code by uploading specially crafted PHP files...

PT-2026-40532

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

PT-2026-40331

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

CVE-2026-42887

CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...

CVE-2026-42565

Summary of CVE-2026-42565 : In @workos/authkit-session, prior to version 0.5.1, AuthService.handleCallback decodes and returns the returnPathname derived from the OAuth state parameter without validating origin or scheme. Attackers who influence the state can cause an attacker-controlled URL to b...

GHSA-P3PV-C954-9M6F Duplicate Advisory: OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c28g-vh7m-fm7v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner...