6598 matches found
go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
...
nvmet-auth: assign dh_key to NULL after kfree_sensitive
...
Malicious code in meli-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2fd228933bfbd22b6537f1ebb684b7d183ba26dc3647c4b9cffb7e5a089ecac1 The OpenSSF Package Analysis project identified 'meli-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-547 Malicious code in meli-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2fd228933bfbd22b6537f1ebb684b7d183ba26dc3647c4b9cffb7e5a089ecac1 The OpenSSF Package Analysis project identified 'meli-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in lyft-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c565f4f063903c396ce391a766b2f2e23376ee54056eed2f91fe4584c931069 The OpenSSF Package Analysis project identified 'lyft-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-524 Malicious code in lyft-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c565f4f063903c396ce391a766b2f2e23376ee54056eed2f91fe4584c931069 The OpenSSF Package Analysis project identified 'lyft-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in iberia-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bd29cd417b8dec54243dc5adc05798a3265ed0ecab1ca348793ac0b61d885e23 The OpenSSF Package Analysis project identified 'iberia-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-486 Malicious code in iberia-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bd29cd417b8dec54243dc5adc05798a3265ed0ecab1ca348793ac0b61d885e23 The OpenSSF Package Analysis project identified 'iberia-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in godaddy-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c54464c94638aea7ef7fe1487d3fca93fd814ea21143ed03917174262afebe99 The OpenSSF Package Analysis project identified 'godaddy-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-459 Malicious code in godaddy-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c54464c94638aea7ef7fe1487d3fca93fd814ea21143ed03917174262afebe99 The OpenSSF Package Analysis project identified 'godaddy-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-397 Malicious code in bookingcom-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7237784b36f09a01626b97a404f66a5ec889f55f623dd7d6e907f48d2b99d69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amazon-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 972d775baca466f5fa482d2629c80172c236ea0f349612f1e9e9aa9f00919807 The OpenSSF Package Analysis project identified 'amazon-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-371 Malicious code in amazon-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 972d775baca466f5fa482d2629c80172c236ea0f349612f1e9e9aa9f00919807 The OpenSSF Package Analysis project identified 'amazon-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Important: tomcat10
Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...
Malicious code in airbnb-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 569af68d5b2f70cc46c62d3be362723205c02819f13c60a456a6925c2f6d1dd2 The OpenSSF Package Analysis project identified 'airbnb-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-357 Malicious code in airbnb-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 569af68d5b2f70cc46c62d3be362723205c02819f13c60a456a6925c2f6d1dd2 The OpenSSF Package Analysis project identified 'airbnb-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
CVE-2025-23506
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through = 4.0.1...
CVE-2025-23506 WordPress WP IMAP Auth plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through = 4.0.1...
CVE-2025-23506 WordPress WP IMAP Auth plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through = 4.0.1...
CVE-2025-23506
CVE-2025-23506 is a Reflected XSS in the WP IMAP Auth plugin affecting versions up to 4.0.1 (NotFound WP IMAP Auth). The root cause is improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with NETWORK attacker, no user privileges, and user interaction requir...