3 matches found
MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)
Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...
XenForo security vulnerability
XenForo is forum software developed by the XenForo company. Versions of XenForo prior to 2.3.5 contained security vulnerabilities. These vulnerabilities stemmed from the OAuth2 client application’s ability to request unauthorized scopes, which could allow the client application to obtain access...
PT-2023-26895 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions 22.1.0 through 23.7.2 Description: Sentry is an error tracking and performance monitoring platform. An attacker with access to a token with few or no scopes can query "/api/0/api-tokens/" for a list of all tokens created by a...