6552 matches found
MAL-2025-191413 Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
MAL-2025-191311 Malicious code in @silgi/better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199293
Malicious code in @silgi/better-auth npm...
Malicious code in @silgi/better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191073 Malicious code in better-auth-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...
EUVD-2025-199169
Malicious code in better-auth-nuxt npm...
Malicious code in better-auth-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...
EUVD-2025-199071
Malicious code in itobuz-angular-auth npm...
Malicious code in itobuz-angular-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afed61db59aa59cee728d1b2cbe413a85ae32a192004efad9e9d126770433bdf The package itobuz-angular-auth was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190972 Malicious code in itobuz-angular-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afed61db59aa59cee728d1b2cbe413a85ae32a192004efad9e9d126770433bdf The package itobuz-angular-auth was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in @trigo/hapi-auth-signedlink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed6824ae90bafaade2c426612b295defed6107b61296445aa2d1d728729c23b The package @trigo/hapi-auth-signedlink was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198848
Malicious code in @trigo/hapi-auth-signedlink npm...
EUVD-2025-198693
Malicious code in @alaan/s2s-auth npm...
CVE-2025-12170 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing
The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...
PT-2025-47813
Name of the Vulnerable Software and Affected Versions Langfuse versions 2.95.0 through 2.95.11 Langfuse versions 3.17.0 through 3.130.0 Description Langfuse is a large language model engineering platform. In Single Sign-On SSO provider configurations lacking an explicit AUTH CHECK setting, a...
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...