
28 matches found

OSSF Malicious Packages
added 2026/05/20 2:11 p.m., 7 views

Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

5.8 AI score
Exploits: 0, References: 4
OSV
added 2026/05/20 2:11 p.m., 3 views

MAL-2026-4372 Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

5.8 AI score
Exploits: 0, References: 4
RedhatCVE
added 2026/03/26 3:6 p.m., 0 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.4 CVSS, 5.6 AI score, 0.00025 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/13 9:31 p.m., 1 views

EUVD-2026-11752

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 4
NVD
added 2026/03/13 7:54 p.m., 2 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.4 CVSS, 0.00025 EPSS
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/03/13 10:50 a.m., 4 views

Malicious code in darkig (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7589c67c4429eabd010f891cb17f893ee11ec3cb873d4a31095cc3592134f762 Instagram hacking tool that also forces the user to follow hardcoded accounts. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/03/13 10:47 a.m., 4 views

MAL-2026-1410 Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

5.8 AI score
Exploits: 0, References: 1
Vulnrichment
added 2026/03/13 1:18 a.m., 2 views

CVE-2026-22215 wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/03/13 1:18 a.m., 20 views

CVE-2026-22215 wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3 CVSS, 0.00025 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/13 1:18 a.m., 1 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 4
CVE
added 2026/03/13 1:18 a.m., 2 views

CVE-2026-22215

wpDiscuz prior to 7.6.47 is affected by a CSRF flaw in getFollowsPage that allows triggering unauthorized actions without nonce validation. The vulnerability enables an attacker to craft requests to enumerate follow relationships and alter user follow data via the follows page handler. Root cause...

5.4 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/03/13 12:0 a.m., 2 views

PT-2026-25147

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 3
Code423n4
added 2023/08/28 12:0 a.m., 5 views

Upgraded Q -> 2 from #112 [1693238992728]

Judge has assessed an item in Issue 112 as 2 risk. The relevant finding follows: A profile can follow itself by receiving a pre-upgrade followNFT and then using the batchMigrateFollows function."

7.1 AI score
Exploits: 0
Code423n4
added 2023/07/27 12:0 a.m., 7 views

User can potentially bypass the processFollow call during the migration process and follow users for free

Lines of code Vulnerability details Impact User can potentially follow users that require to pay a fee upon a follow for free during a migration process. Proof of Concept Malicious user can be watching a mempool and wait for the user to migrate his profile to V2. He is specifically watching a...

7 AI score
Exploits: 0
OSV
added 2023/01/09 11:15 p.m., 0 views

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5 CVSS, 5.6 AI score, 0.003 EPSS
Exploits: 2, References: 1
Openbugbounty
added 2022/12/12 10:2 a.m., 9 views

proteincim.com Cross Site Scripting vulnerability OBB-3096291

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/11/02 3:49 a.m., 11 views

buergerwelle.de Cross Site Scripting vulnerability OBB-3031510

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2022/09/15 11:8 a.m., 12 views

walkerbooks.com.au Cross Site Scripting vulnerability OBB-2922918

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
OSV
added 2022/04/24 9:27 p.m., 11 views

GSD-2022-1001603 mm/kmemleak: reset tag when compare object pointer

mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

7.2 AI score
Exploits: 0
Openbugbounty
added 2022/03/24 5:6 p.m., 7 views

cheminsdetravers.fr Cross Site Scripting vulnerability OBB-2444942

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0