11160 matches found
Malicious code in chai-presentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...
MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...
Malicious code in paysafe-payments (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...
MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in paysafe-kyc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...
CVE-2026-11405
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
EUVD-2026-41919
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
CVE-2026-11405
CVE-2026-11405 affects multiple Tenda firmware versions where the web server binary /bin/httpd implements a hidden backdoor authentication in login(): after normal MD5-based verification, if authentication fails it reads a config value via GetValue("sys.rzadmin.password") and compares it to the u...
Malicious code in zod-pino434 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...
MAL-2026-6794 Malicious code in zod-pino434 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...
PT-2026-55969
Name of the Vulnerable Software and Affected Versions Tenda firmware US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 Tenda firmware US...
CVE-2026-14633
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
CVE-2026-14633 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Hidden REST API Endpoint set cross site scripting
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
CVE-2026-14633
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
EUVD-2026-41679
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...
CVE-2026-25712
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...
CVE-2026-25712
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...
EUVD-2026-41622
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...