3 matches found
MAL-2026-3675 Malicious code in 6cc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
arxius: API leaking infinite amount of valid Tokens.
Hi, I have found a leaking token API for the domain "https://arxius.io/" that is generating infinite amount of random valid tokens. Reproduce: 1. Go to the url: "https://arxius.io/api/account/token" 2. You can see the token generated. 3. Every time you reload the page a new random valid token is...