2 matches found
CVE-2026-33161
CVE-2026-33161 — Craft CMS: A low-privileged authenticated user could call the assets/image-editor endpoint with the ID of a private asset they cannot view and still receive editor response data, including focalPoint, due to missing per-asset authorization validation. Affected versions: 4.0.0-RC...
Malicious code in aiboa-miloipe-apomapai (npm)
Source: amazon-inspector f6860927182dac798db7916c4c247956fb7c037c0a36ba449db8766dd2d9cddb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...