20 matches found
Improper Authorization
Overview: Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...
Replay Attack
Overview: Affected versions of this package are vulnerable to Replay Attack via the TOTP authentication process. An attacker can bypass authentication controls by reusing a valid TOTP code within its validity window. Remediation: Upgrade code.vikunja.io/api/pkg/user to version 2.2.1 or higher...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of account disablement in the api process. An attacker can regain access to a previously disabled account by bypassing administrator-imposed restrictions. Remediation: Upgrade...
Malicious code in virtualize-long-deserialize-permission-user (npm)
The package virtualize-long-deserialize-permission-user was found to contain malicious code...
Malicious code in discord.js-user (npm)
The package discord.js-user was found to contain malicious code...
MAL-2025-1894 Malicious code in meli-user (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in google-user (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in coinbase-user (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in amazon-user (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in apple-user (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a8912d51500c8587f94c4a95668a15c6225ed1285c96f5daa159488cdcffd77 Any computer that has this package installed or running should be considered...
MAL-2025-1018 Malicious code in apple-user (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a8912d51500c8587f94c4a95668a15c6225ed1285c96f5daa159488cdcffd77 Any computer that has this package installed or running should be considered...
MAL-2025-567 Malicious code in airbnb-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f07949285a0d1add8d97f855b50c15882889463a482eb03f4ea66453dfcb601f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-542 Malicious code in lyft-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2f01e05b592462f5cd8959f49eb75aea1f7e08d9c9c2a1e817953e0c06e3c84 The OpenSSF Package Analysis project identified 'lyft-user' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in linkedin-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e782ae9b14ef40a792bc55c6f60693da134e9e77e9f74d07336fcd40de0dfbc4 The OpenSSF Package Analysis project identified 'linkedin-user' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-518 Malicious code in linkedin-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e782ae9b14ef40a792bc55c6f60693da134e9e77e9f74d07336fcd40de0dfbc4 The OpenSSF Package Analysis project identified 'linkedin-user' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-476 Malicious code in godaddy-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0952faaa9e03380da7ca100f669bfd7d1c69d691664ec13c1c10bfad931a5b43 The OpenSSF Package Analysis project identified 'godaddy-user' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
ASB-A-272042183
In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
MAL-2022-6346 Malicious code in suer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d0568838b7bd7d608e8f85b4c24ff81002c26ec5aaceeba6d6476148925a3be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wechat-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed674eef3c547c5b88c4d1f78f844e5bc4653a001ad23538ade6652afb5feb0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
Multiple vulnerabilities in the krb5-user package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...