Lucene search
K

13 matches found

Github Security Blog
Github Security Blog
added 2026/06/03 9:41 p.m.22 views

Froxlor's API Authentication bypasses 2FA Authentication

Summary Froxlor's API authentication FroxlorRPC::validateAuth does not enforce Two-Factor Authentication. When a user admin or customer enables 2FA on their account, the web UI correctly requires a TOTP code after password verification. However, the API accepts requests authenticated with only an...

9.8CVSS7.3AI score0.01119EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-48125

Summary Froxlor's API authentication FroxlorRPC::validateAuth does not enforce Two-Factor Authentication. When a user admin or customer enables 2FA on their account, the web UI correctly requires a TOTP code after password verification. However, the API accepts requests authenticated with only an...

9.8CVSS7.9AI score0.01119EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:10 p.m.6 views

Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6.1AI score
Exploits0References1
OSV
OSV
added 2024/11/08 12:8 a.m.3 views

MAL-2024-10500 Malicious code in eth-cmeta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e390d3f621f6795cefcac7ff48cd9734854f2734360b55599683db6ece8b468d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/07/31 2:22 a.m.12 views

MAL-2024-7865 Malicious code in some-dependency-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56bfd6dfa88a2c4dc649901d7693d3996a1297067a93e70d1b3382ff9b1448f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/07/04 5:10 a.m.4 views

MAL-2024-7102 Malicious code in @zitterorg/ab-fugiat-impedit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d432bd9ce4ff557027d8683e72756af43e8b5ee86165974fa36e7991bced1ecc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/07/04 5:10 a.m.7 views

MAL-2024-7225 Malicious code in @zitterorg/illum-perferendis-consectetur (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26c3bf9aa992411b0245993a478b6e6618a7ceb089afc8b5a9abbc82eb88e72d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/07/04 5:10 a.m.6 views

MAL-2024-7382 Malicious code in @zitterorg/sit-vel-delectus (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54bfa38d2b63aa8984c09de50f43e8a7e6edd21efa7ea6ba17bc4f63a7b4ab69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/01/24 8:23 p.m.8 views

MAL-2024-278 Malicious code in wlwz-2312-1200 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0d1964220483403bc04aefa2c67663a5e8f8d7f044b20a8341d5e1fe25a3bb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/08/16 8:46 a.m.4 views

MAL-2022-6212 Malicious code in some-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8156422985121c50c8388169e03a62b1ace6399e2fb83cee3860fa03e57d3e1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 9:9 p.m.7 views

Malicious code in abu-news-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0e3522803d9a80fcb186ab8177b4349b1fd1ede2f311d263455a07bdf492bfb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:25 p.m.6 views

MAL-2022-6865 Malicious code in useragent-corev2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d6e212f2c61f9a29fd610a2668235854bd6c1a991cc52985782f710b2e33398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:15 p.m.11 views

MAL-2022-652 Malicious code in @tinkoff-react-bui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f239b4e149956ae7fcbe368e6040942fc96e8fd6a13a332a4c1e64cffb9747d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder