
315 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5453

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.2 | EPSS 0.00186
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2025-16588

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00637
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-2762

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.1 | EPSS 0.00381
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-20840

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00094
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-3762

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00603
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-1966

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.0026
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-30007

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.00159
Exploits: 0 | References: 2
NVD
added 2025/09/30 11:15 p.m. | 4 views

CVE-2025-55191

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 3
OSV
added 2025/09/30 10:52 p.m. | 3 views

CVE-2025-55191 Repository Credentials Race Condition Crashes Argo CD Server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...

CVSS 6.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 5
Snyk
added 2025/09/15 7:39 a.m. | 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 2
OSV
added 2025/09/08 2:13 p.m. | 2 views

GO-2025-3934 Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd

Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...

CVSS 9.9 | AI score 6.8 | EPSS 0.05376
Exploits: 1 | References: 3
Cvelist
added 2025/09/05 4:28 a.m. | 6 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store the GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub account...

CVSS 6.8 | EPSS 0.00013
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-0194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7...

CVSS 6.5 | AI score 5.5 | EPSS 0.00093
Exploits: 1 | References: 2
RedhatCVE
added 2025/08/16 2:24 p.m. | 4 views

CVE-2025-9036

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection...

CVSS 8.5 | AI score 7.2 | EPSS 0.00032
Exploits: 0 | References: 1
CVE
added 2025/08/14 1:39 p.m. | 11 views

CVE-2025-9036

Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...

CVSS 8.5 | AI score 7.1 | EPSS 0.00032
Exploits: 0 | References: 1
Vulnrichment
added 2025/07/09 3:39 p.m. | 2 views

CVE-2025-53674

Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it...

AI score 7 | EPSS 0.00094
Exploits: 0 | References: 1
OSV
added 2025/07/02 1:28 p.m. | 3 views

CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00275
Exploits: 0 | References: 5
Veracode
added 2025/07/02 12:27 p.m. | 3 views

Privilege Escalation

Graylog is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission checks due to a flaw in the Graylog REST API that allows authenticated users to create and use API tokens for other users, such as the local Administrator, if they know the target user's ID...

CVSS 8.8 | AI score 6.6 | EPSS 0.00275
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/06/30 12:0 a.m. | 3 views

PT-2025-27497 · Graylog · Graylog

Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 6.2.4 Graylog versions prior to 6.3.0-rc.2 Description: A flaw in Graylog allows authenticated users to escalate privileges via API token abuse. This issue can be exploited by creating and using API tokens for the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00275
Exploits: 0 | References: 12
RedhatCVE
added 2025/06/24 11:45 a.m. | 4 views

CVE-2025-3415

A flaw exists in Grafana Alerting, where the DingDing contact-point integration URL can be revealed in plain text to users with viewer-level permissions due to misconfigured access control. This disclosure permits unauthorized users to view sensitive webhook URLs, including API tokens or keys,...

CVSS 4.3 | AI score 6.6 | EPSS 0.00438
Exploits: 0 | References: 3