25 matches found
MAL-2026-3489 Malicious code in @tanstack/start-plugin-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +23 more potentially affected by CVE-2026-45321 via @tanstack/start-plugin-core (>=1.121.0-alpha.28 <=1.169.20)
@tanstack/start-plugin-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.97.4, =1.111.10, =1.141.0, =0.3.0, =0.7.0 and more Source cves: CVE-2026-45321 Source advisory:...
Authentication Bypass
ajenti.plugin.core is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of password authentication when 2FA is enabled, which allows an attacker to bypass login controls and gain unauthorized access...
GHSA-8647-755Q-FW9P ajenti.plugin.core has race conditions in 2FA
Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
Race Condition
Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to Race Condition in the 2FA authentication. An attacker can gain unauthorized access by exploiting a timing issue immediately after user authentication, allowing them to bypass intended security checks...
EUVD-2026-21577
ajenti.plugin.core has race conditions in 2FA...
ajenti.plugin.core has race conditions in 2FA
Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
User Impersonation
Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to User Impersonation via 2FA authentication. An attacker can gain unauthorized access by bypassing password authentication. Remediation Upgrade ajenti.plugin.core to version 0.112 or higher. References - GitHu...
EUVD-2026-21575
ajenti.plugin.core has password bypass when 2FA is activated...
ajenti.plugin.core has password bypass when 2FA is activated
Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
GHSA-3MCX-6WXM-QR8V ajenti.plugin.core has password bypass when 2FA is activated
Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40177 Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112...
PT-2026-32032
Name of the Vulnerable Software and Affected Versions ajenti.plugin.core versions prior to 0.112 Description Prior to version 0.112, a timing issue allowed bypassing two-factor authentication 2FA immediately after a user's successful authentication. This occurred during a brief window after...
Malicious Package
Overview strapi-plugin-core is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker...
WordPress plugin Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Core 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
Malicious code in marley-plugin-core (npm)
The package marley-plugin-core was found to contain malicious code...
MAL-2025-25964 Malicious code in marley-plugin-core (npm)
The package marley-plugin-core was found to contain malicious code...