25 matches found
GHSA-F946-9QP6-VGCH shopper/framework: Authorization bypass in multiple Livewire admin components
Impact: Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: Order detail Filament actions (cancel, mark paid, mark complete, capture payment, archive, start processing) were callable with readorders only and di...
Amazon Linux 2023 : perl-YAML-Syck, perl-YAML-Syck-tests (ALAS2023-2026-1517)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1517 advisory. YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names...
MAL-2025-186631 Malicious code in double-decode-encrypt-cache-bundle (npm)
Source: amazon-inspector a2dd120085360bd941b6b618bfba167ef9076e6663bd3af7dc247e1b7a6588f5. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avminh-afgais-fafdosafiaog (npm)
Source: amazon-inspector f758e08e22d46c68e7e0fee568a320f6f741e10061a3d952530a8c90615fb23a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150229 Malicious code in @mipta1/sdjdjdaa (npm)
Source: amazon-inspector 030dfe50577e38de191800e30c696034f868be4816c569af084b3156a505ab18. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in atlas-terser-webpack-plugin-auth-rocket (npm)
Source: amazon-inspector 4489eef115661ed272d059faf900d257bc44ad702df52cb77224721e10282c6d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-115467 Malicious code in lina-nasicampur99-miaww (npm)
Source: amazon-inspector 455e8ae6d9c28a36699fb932fb2d2682a7436a64c4369e1154446c79ede9349e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vast_marmoset-appteadev (npm)
Source: amazon-inspector ef27171efadd501272e1b5908110f1108a0e6e7a80282e9d251330a7c04bac98. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-98528 Malicious code in xaver-tempe76-pore (npm)
Source: amazon-inspector 5e9ec060c919a753eaabcd99af4ca359d2bcfb43aed32894f8ebd2333e12a717. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in liquid_bandicoot_z3n (npm)
Source: amazon-inspector d26c972e11c0eb1d439c683fa474fc19b0d910f4b4f844da2c2cd412e099c842. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nurul-kentang79-sukiwir (npm)
Source: amazon-inspector 0022247872e7ecb7025b552cccd1e385cc4d4046d878a5e61d3ad176ee368375. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-68167 Malicious code in expected-fuchsia-salmon (npm)
Source: amazon-inspector 3edb6e0368176708c17544b8a0b9c5b8b61a3294e29e8eb6a506cead781e7ac4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-66818 Malicious code in appropriate-amaranth-elephant (npm)
Source: amazon-inspector d7029ab1e9a8977c5c3ba17f0d4039f3dfe179686d9c423acb2cca25ec9b8766. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ade-saguer81-sluey (npm)
Source: amazon-inspector ef0ba1ee4dfecb08d4ea8a3f4639421609e4e2020b319461ca3ed780ab64d969. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-61217 Malicious code in rival_haddock_z3n (npm)
Source: amazon-inspector e1db9916ae6b4085604ce863708151f82b3b5c4aa4600e7f56f5a5a4ff213ef0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-60826 Malicious code in mathematical_hyena_z3n (npm)
Source: amazon-inspector 2206ca9b9a0ddf4113455dba2abb3ba4571486a1836cdf01e37e42e4c3092149. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
GHSA-WJG9-V8CF-F5Q2 silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...
PT-2024-40501 · Packagist · Silverstripe/Graphql
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns a lack of CSRF protection in the GraphQL controller. This means that authenticated users could be forced or tricked into visiting a URL that sends a GET request to the...
Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target
Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs as most fuzzers do but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the...