6 matches found
CVE-2026-45688
The CVE-2026-45688 entry describes a pre-auth NoSQL injection in Rocket.Chat’s CAS login handler. Before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, the handler forwards client-supplied options.cas.credentialToken directly into a MongoDB findOne({_id: …}) query without...
Malicious code in @service-user-notifications/set_notifications_not_removable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...
MAL-2026-3763 Malicious code in exxpress-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
OpenStack 安全漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack suffers from a security vulnerability that stems from the fact that application credential tokens can be used even after they have expired. Resulting in an authenticated remote...