6 matches found
MAL-2026-4789 Malicious code in ggk-happy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d747cc7acd8bbc1defbf475aa3202fd332fd43135a6fedddfcc37356ce02eb54 Package presents itself as the legitimate slopus/happy CLI README instructs npm install -g happy; homepage, repository, bugs, and author fields all...
EUVD-2020-17788
Malware in sbrugna...
EUVD-2024-3098
Malicious code in bioql PyPI...
CVE-2020-25096
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
CVE-2024-50347 Laravel Reverb has Missing API Signature Verification
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
Weak Hashing Algorithm
bsock is vulnerable to a Weak Hashing Algorithm. The vulnerable is due to the libraries usage of weak hashing algorithm MD5, SHA1 within vendor\faye-websocket.js. This could allow an attacker to break the confidentiality of the websocket communication...