11 matches found
MAL-2026-2053 Malicious code in @emilgroup/partner-portal-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6d39860559ec42dbfe2c1b124d8354e3fc7985ea21f2c1a7ae35f874875726 The package @emilgroup/partner-portal-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2054 Malicious code in @emilgroup/partner-portal-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79a5c2bcdd0cc7a9c9c9a7b0ba777fad4241aa5fc60e34903bb138a44261c35b The package @emilgroup/partner-portal-sdk-node was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview @emilgroup/partner-portal-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released ...
Accelerate Your Business Success with Akamai Enhanced Partner Portal
...
Shopify: Limited Privilege User Can Create Unauthorized Referrals on partners.shopify.com
A privilege escalation vulnerability was discovered in Shopify's Partner Portal that allowed users without "View referrals" permission to create POS leads by directly accessing the lead creation URL. The backend API lacked proper authorization checks, enabling users to bypass the implemented...
DigitalOcean: Blind XSS via Digital Ocean Partner account creation form.
Summary: Blind Cross-Site Scripting XSS was discovered at Digital Ocean Partners admin panel/dashboard where an attacker can run arbitrary Javascript Code at victims' end. Due to the absence of an HTTPonly cookie, an attacker can successfully steal the cookies of the user and use them to login to...
Valve: Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large
Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of itemimagesmall and itemimagelarge. Shell injection was achieved on a publishing gateway through metacharacter injection in an item-upload path...
Shopify: IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop
SUMMARY ---------- Hello, I have found a permission problem in https://partners.shopify.com that allows a member with only "Manage apps" permission to get various show information and also list the staff account from inside that shop without having access the shop's admin area REPLICATION STEPS...
Partner Portal - External URLs, SD-card access, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Partner Portal published at the 'play' market has multiple vulnerabilities...
KMC Controls Conquest BACnet Router Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...
Uber: Mass Assignment Vulnerability in partners.uber.com
A driver can change their full name into whatever they want after they are accepted into the Uber driver program. Once the uber driver is accepted, they can "Inspect Element" and change the profiles ... to contain the following information Same thing for last name. They will be given the...