508 matches found
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
CVE-2026-50886
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
CVE-2026-50886
Summary: CVE-2026-50886 describes an access-control flaw in the webhook management component of Project Firefly III (version 6.5.9). The root cause is an incorrect access-control implementation, enabling an attacker to scan internal resources by sending a crafted POST request. Affected software: ...
PT-2026-49327
Name of the Vulnerable Software and Affected Versions: Project Firefly III version 6.5.9. Description: Incorrect access control in the webhook management component allows attackers to scan internal resources by sending a crafted POST request. Recommendations: At the moment, there is no information...
CVE-2026-50886
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
MAL-2026-5517 Malicious code in firefly-utilities-helper (npm)
Source: amazon-inspector cadcdda902675162dd9cfabd9d8133986723d4c956437633f36a5a07b776ef59 [email protected] ships an empty stub index.js: module.exports = ; with no description, author, or repository, but declares a single...
Incorrect Authorization
Overview: grumpydictator/firefly-iii is a personal finances manager. Affected versions of this package are vulnerable to Incorrect Authorization via the index and show functions in the user management API endpoints, which lack proper role verification. An attacker can access sensitive information...
Malicious code in vertical-crimson-firefly (npm)
Source: amazon-inspector 9d3c74559c3b3550fcaf2e322a771a25d136c04e8e12f1335706771da8036c38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117005
Malicious code in vertical-crimson-firefly npm...
EUVD-2025-117077
Malicious code in special-blush-firefly npm...
MAL-2025-139097 Malicious code in vertical-crimson-firefly (npm)
Source: amazon-inspector 9d3c74559c3b3550fcaf2e322a771a25d136c04e8e12f1335706771da8036c38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-103733
Malicious code in modernfireflyz3n npm...
EUVD-2025-99710
Malicious code in yeastyfireflyz3n npm...
EUVD-2025-100150
Malicious code in damagedfireflyz3n npm...
Malicious code in pale_firefly_z3n (npm)
Source: amazon-inspector 497a996f2f950866b2c95470523178c0dab0ceafc90d460c51d870657a969afb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125662 Malicious code in damaged_firefly_z3n (npm)
Source: amazon-inspector aa1641ec2131d677be2011c95f112b8c806be240d250bcad96f0c522a8c4f999 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-104473
Malicious code in internationalfireflyz3n npm...
EUVD-2025-92122
Malicious code in excitedfireflyz3n npm...
EUVD-2025-74480
Malicious code in lostfireflyaqua-63 npm...
EUVD-2025-77307
Malicious code in combativefirefly-silentdev npm...