Malicious code in @pmate/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d918da5fdc17486ed55296e53c1de2f1d976895f77e33dc7f73991e36f393502 The exported detectTextimageBase64 function in src/detectText.ts sends caller-supplied image content to...

Malicious code in @bcrumbs.net/bc-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...

CVE-2024-0387

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...

qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption...