11 matches found
MAL-2026-4595 Malicious code in koishi-plugin-fusheng-count (npm)
Source: amazon-inspector 060196a35f8eb94f7e91f892daf62aee8e293d16130565dfbc837877df264db5. lib/index.js contains a base64-obfuscated hardcoded user ID Buffer.from("Mjc1OTcyMDE2MQ==", "base64").toString("utf-8") decoding to QQ ID 2759720161 whic...
Malicious code in koishi-plugin-fusheng-car (npm)
Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec. lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...
CVE-2023-27578
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the Visualizations/Pages functionality exists. Due to thi...
GHSA-4553-HQ82-8654 Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references. Original Description: encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A...
encoded_id-rails Security Vulnerability
encoded_id-rails is a library by the individual developer Stephen Ierodiaconou. A security vulnerability exists in versions of encoded_id-rails prior to 1.0.0.beta2, which stems from a denial of service caused by a long encoded ID in a URI...
GHSA-3PX7-JM2P-6H2C encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Impact: The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the web server processing the incoming request. In the case of Puma the defaults are: path segment length: 8192; max URI length: 1024 * 12; max query length: 1024 * 10. See...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to improper hashid length limitation. This results in the application spending a significant amount of time decoding the ID and allocating a large amount of memory. Details: Denial of...
PT-2023-32940
Name of the Vulnerable Software and Affected Versions: encoded_id-rails versions before 1.0.0.beta2. Description: The issue is an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an...
Design/Logic Flaw
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the Visualizations/Pages functionality exists. Due to thi...
Cross-site Scripting (XSS)
jquery-migrate is vulnerable to Cross-site Scripting (XSS). jquery-migrate uses code similar to $(location.hash) to select an ID value encoded on the page. However, an attacker can create a cross-site scripting injection by using a string similar to and run code to steal user data...
CVE-2006-6268
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a URL-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif"...