MAL-2025-149654 Malicious code in xenon-oauth-framework-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21dce1782e99ecf2a9a1ac060d68897c127bf998539a101ddbcb4e03d4c4e560 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141711 Malicious code in dotenv-parse-variables-callisto-oauth-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb5d62c0d246d9201d77e51324b2e594d0edc2bfeab4f70f8c8bbe9629df860 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-114398

Malicious code in dotenv-parse-variables-callisto-oauth-framework npm...

VulnCheck KEV: CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework...

Slack: Broken Authentication (including Slack OAuth bugs)

Hi, Hope you are doing good! Please have a look at the below report. Description: OAuth Framework Flaw Bypassing redirecturi validation An attacker to exploit this Flaw just needs to find a open redirection flaw in the site which is using Slack's OAuth for logins. Impact: A malicious user can ste...