28 matches found
GHSA-2QQC-P94C-HXWH Flowise: Weak Default Express Session Secret
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | packages/server/src/enterprise/middleware/passport/index.ts:55 |
| Practical Exploitability | High |
| Developer Approver | [email protected] |

Description

Express session secret has a weak default value...
Flowise: Weak Default Express Session Secret
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | packages/server/src/enterprise/middleware/passport/index.ts:55 |
| Practical Exploitability | High |
| Developer Approver | [email protected] |

Description

Express session secret has a weak default value...
MAL-2026-2526 Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. Source: amazon-inspector...
Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. Source: amazon-inspector...
MAL-2026-2419 Malicious code in express-session-js (npm)
Package impersonates legitimate express-session package; initPlugin downloads and executes attacker-controlled remote code on startup via new Function.constructor. Source: amazon-inspector...
Malicious code in express-session-js (npm)
Package impersonates legitimate express-session package; initPlugin downloads and executes attacker-controlled remote code on startup via new Function.constructor. Source: amazon-inspector...
MAL-2026-2128 Malicious code in express-session-vailidator (npm)
Source: amazon-inspector 559c32a7f4713a1d785b35766355cf1a29ef437a0dc8e5285b980c9611175cff The package express-session-vailidator was found to contain malicious code. Source: ghsa-malware...
Malicious code in express-session-validator (npm)
Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview express-session-vailidator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in express-session-vailidator (npm)
Source: amazon-inspector 559c32a7f4713a1d785b35766355cf1a29ef437a0dc8e5285b980c9611175cff The package express-session-vailidator was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview express-session-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-2129 Malicious code in express-session-validator (npm)
Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
Hospital Management System session function hard-coded key vulnerability
Hospital Management System is a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...
CVE-2025-11609
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...
EUVD-2025-33870
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...
CVE-2025-11609 code-projects Hospital Management System express-session hard-coded key
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...
CVE-2025-11609
CVE-2025-11609 affects code-projects Hospital Management System 1.0, specifically the session function of the express-session component. The vulnerability arises from manipulation of the secret argument, causing use of a hard-coded cryptographic key. A remote attack is possible and the issue is d...