MAL-2026-5441 Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

EUVD-2015-6370

Malware in sbrugna...

CVE-2023-46729 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has bee...

CVE-2023-46729

CVE-2023-46729 affects the Sentry JavaScript SDK for Next.js tunneling. An unsanitized input in the Next.js SDK tunnel endpoint allows making HTTP requests to arbitrary URLs and reflecting the response back to the user, exposing potential SSRF risks. This issue is limited to users who have the Ne...

Design/Logic Flaw

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary...