5 matches found
CVE-2026-48248 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path...
EUVD-2007-4641
Malware in sbrugna...
Malicious code in flow-security-cart (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e80dbff81931a20f9f1099da55fe0472b8f30458e4f53f69dc6a26b5aea6a48a The OpenSSF Package Analysis project identified 'flow-security-cart' @ 99.0.2 npm as malicious. It is considered malicious because: - The packag...
MAL-2025-46923 Malicious code in flow-security-cart (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e80dbff81931a20f9f1099da55fe0472b8f30458e4f53f69dc6a26b5aea6a48a The OpenSSF Package Analysis project identified 'flow-security-cart' @ 99.0.2 npm as malicious. It is considered malicious because: - The packag...
CVE-2024-38371
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...