Malicious code in firebase-server-miranda-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beb4a7fb178cd7eadc112d909aa87f187fb04dd8148d9afd9a0ff5227a5d61e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113596

Malicious code in firebase-server-miranda-jupiter npm...

EUVD-2023-43880

Malicious code in bioql PyPI...

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

Cross site request forgery (csrf)

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

CVE-2023-3202

CVE-2023-3202: The MStore API WordPress plugin is vulnerable to CSRF due to missing nonce validation on mstore_update_firebase_server_key, enabling unauthenticated attackers to alter the Firebase server key and push notifications when an order status changes via forged requests. Impact is limited...

MStore API < 3.9.7 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...

PHP 7.3.x < 7.3.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

PHP 7.4.x < 7.4.21 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

Denial Of Service

php7 is vulnerable to denial of service. The vulnerability exists due to the system allowing a malicious firebase server or man-in-the-middle attacker to crash PHP...