6 matches found
Malicious code in @budetzzgantenk/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...
MAL-2026-4588 Malicious code in ionic-insta-api-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44363ea3b97b18ea938430059144fd219a58b93d04149e45da97c60322ff4868 This package presents itself as an Instagram API wrapper but silently forwards caller-supplied Instagram credentials and session data to a hardcoded...
CVE-2022-3343
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
CVE-2013-5726
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of 1 follow or 2 favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL...
CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions...