2 matches found
MAL-2026-4633 Malicious code in osep-api-hub-service-client-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...
Design/Logic Flaw
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...