4 matches found
EUVD-2024-34200
Malicious code in bioql PyPI...
@oconva/qvikchat (>=1.0.0 <=2.0.0-alpha.4), genkit-intro (=1.0.0) +3 more potentially affected by unknown CVE via @genkit-ai/firebase (=0.5.17)
@genkit-ai/firebase NPM version =0.5.17 is affected by a known vulnerability. The following packages have a transitive dependency on @genkit-ai/firebase and may be impacted:
- @oconva/qvikchat =1.0.0, =0.0.1, =1.0.0
Source CVEs: unknown CVE
Source advisory: SNYK:JS-GENKITAIFIREBASE-12671227...
CVE-2024-11785
CVE-2024-11785 (Integrate Firebase, WordPress) is a stored cross-site scripting vulnerability in the Firebase integration plugin for WordPress. The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin’s firebase_show shortcode, affecting all version...
0utmailauth (=1.0.0), @1023-ventures/merope2 (>=0.2.1 <=0.2.9) +1695 more potentially affected by CVE-2024-11023 via firebase (>=0.5.4 <=10.8.1)
firebase NPM version =0.5.4, =0.2.1, =0.5.2, =0.5.2, =0.5.0, =3.2.4, =1.0.0, =1.0.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5
- @aivue/chatbot-storage =1.0.1 and more
Source CVEs: CVE-2024-11023
Source advisory: OSV:GHSA-3WF4-68GX-MPH8...