4 matches found

OSV
added 6 days ago, 4 views

MAL-2026-5832 Malicious code in vend-utilities (npm)

Source: amazon-inspector 89ed34c4d09a0f8bb373f141d18157203eb73efec9461434a7957dfe17ba72f1 package.json declares preinstall: node index.js, causing index.js to run automatically on npm install. The script collects installer host identity...

AI score: 5.4
Exploits: 0, References: 1

Kitploit
added 2020/02/06 8:30 p.m., 205 views

Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner

A sub-domain takeover vulnerability occurs when a sub-domain (subdomain.example.com) points to a service (e.g. GitHub, AWS/S3, ...) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...

AI score: 7.1
Exploits: 0, References: 2

Hacker One
added 2018/04/02 11:9 a.m., 36 views

Vend VDP: Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash

Hey Team! I love loyalty bonuses, that turns first time users into returning customers, but sometimes loyalty can be exploited, just like in this case. TL;DR A first-time loyalty customer will get x times the amount of loyalty bonus from the story by racing the loyalty link x amount of times in...

AI score: 6.8
Exploits: 0

Hacker One
added 2018/02/18 11:40 a.m., 13 views

Vend VDP: Improper access control on adding a Register to an Outlet

Summary: User without permissions to add a Register to an Outlet can bypass this restriction and add a Register to an Outlet. Description: I do not know which permission exactly controls this action, I tested this against default Cashier role. User with default Cashier role has no permission to a...

Exploits: 0