7546 matches found
CVE-2026-48241 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...
CVE-2026-48241
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...
EUVD-2026-31321
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...
CVE-2026-48241
Open ISES Tickets before 3.44.2 stores MySQL credentials in loader.php as hardcoded values committed to the source tree. This allows any reader of the public source or an unauthenticated read on a deployed install to obtain username, password, and database name and potentially connect to the data...
MAL-2026-4704 Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
Malicious code in @dekuzxc/nexca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...
MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...
MAL-2026-4584 Malicious code in ihubinternal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...
Malicious code in finup-mongo-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...
MAL-2026-4564 Malicious code in finup-mongo-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...
MAL-2026-4399 Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
Malicious code in wdt-erpmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...
MAL-2026-4775 Malicious code in wdt-erpmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...
MAL-2026-4470 Malicious code in @zentrix23/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00e60d3c1f2afd09e236dc4a5ae0cf2373029e6c62c4f7a9c571b13c2da01cd7 This package is a fork of @whiskeysockets/baileys with an undocumented modification: inside makeNewsletterSocket called unconditionally by...
Malicious code in fastgrc-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...
MAL-2026-4558 Malicious code in fastgrc-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...
Malicious code in seedcode-facturacion-electronica (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366dad27b664f3be411dc07609ee2f6f6b73a3cbc179d7c0105f20ce8bc77d3e The package advertises itself as a client for submitting El Salvador electronic invoices DTEs directly to the Ministerio de Hacienda. In practice, th...
MAL-2026-4666 Malicious code in seedcode-facturacion-electronica (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366dad27b664f3be411dc07609ee2f6f6b73a3cbc179d7c0105f20ce8bc77d3e The package advertises itself as a client for submitting El Salvador electronic invoices DTEs directly to the Ministerio de Hacienda. In practice, th...