Malicious code in fulcrum-sessions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...

MAL-2026-4568 Malicious code in fulcrum-sessions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...

MAL-2026-4554 Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

Malicious code in wallet-agent-ai-radix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a953d7785091650f4f48e0b038e71ad79788102ffd652bff4bb0e8bf40ea21 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org reached via fetch with a POST body that includes values from...

CVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

CVE-2024-9627

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'serviceprocess' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot...

CVE-2024-9627

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'serviceprocess' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot...

CVE-2024-9627 TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'serviceprocess' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot...

CVE-2024-9627

CVE-2024-9627 concerns the WordPress plugin “TeploBot – Telegram Bot for WP.” The vulnerability is a missing authorization check in the service_process function across all versions up to and including 1.3, allowing unauthenticated attackers to disclose the Telegram Bot Token (secret for bot contr...

CVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

CVE-2024-9821

CVE-2024-9821 : The WordPress plugin “Bot for Telegram on WooCommerce” is vulnerable to sensitive information disclosure due to missing authorization checks on the stm_wpcfto_get_settings AJAX action, affecting all versions up to 1.2.4. Authenticated attackers with subscriber-level access and abo...

CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

GHSA-94PR-W968-H923 Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

CVE-2024-34147

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...