Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 11:13 a.m.15 views

Malicious code in @budetzzgantenk/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/21 8:32 a.m.7 views

MAL-2026-4588 Malicious code in ionic-insta-api-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44363ea3b97b18ea938430059144fd219a58b93d04149e45da97c60322ff4868 This package presents itself as an Instagram API wrapper but silently forwards caller-supplied Instagram credentials and session data to a hardcoded...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.19 views

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5CVSS6.6AI score0.00488EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 a.m.6 views

CVE-2013-5726

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of 1 follow or 2 favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL...

6.8CVSS7.1AI score0.01062EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/09 10:13 p.m.37 views

CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

4.3AI score0.00488EPSS
Exploits2References1
Prion
Prion
added 2014/06/08 11:55 p.m.23 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions...

6CVSS7.1AI score0.00536EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder