1270 matches found
EUVD-2024-37886
Malicious code in bioql PyPI...
EUVD-2023-1545
Malicious code in bioql PyPI...
EUVD-2025-9534
Malicious code in bioql PyPI...
EUVD-2024-25864
Malicious code in bioql PyPI...
EUVD-2025-6849
Malicious code in bioql PyPI...
EUVD-2024-20948
Malicious code in bioql PyPI...
EUVD-2025-9530
Malicious code in bioql PyPI...
EUVD-2024-49958
Malicious code in bioql PyPI...
EUVD-2024-0610
Malicious code in bioql PyPI...
CVE-2025-57266
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 through 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint...
CVE-2025-57266
ThriveX Blogging Framework versions 2.5.9 through 3.1.3 contain an unauthenticated information disclosure in AssistantController.java, exposing sensitive data (e.g., API Keys) via the /api/assistant/list endpoint. Publicly available documents (NVD, Red Hat, CVE listings) corroborate the issue and...
CVE-2025-53884
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attacks (offline attacks where hashes of known passwords are precomputed)...
CVE-2025-53884
CVE-2025-53884 concerns NeuVector, where passwords and API keys are stored using a simple, unsalted hash. The provided documents state this scheme is vulnerable to rainbow table attacks (offline hash precomputation), enabling potential credential exposure if hashes are compromised. The NVD entry ...
Linux Distros Unpatched Vulnerability : CVE-2021-37937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that t...
CVE-2025-57806 Local Deep Research's API keys are stored in plain text
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...
Local Deep Research's API keys are stored in plain text
Affected Versions: 0.2.0 and = 1.0.0 Description: The library stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the...
Linux Distros Unpatched Vulnerability : CVE-2020-7009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker...
Malicious Package
Overview enumer-iam is a malicious package. This package contains malicious code disguised as a legitimate cloud client utility, and its content has been removed from the official package manager. Its primary purpose is to steal cloud-related secrets, such as API keys and access tokens. The packa...
Malicious Package
Overview acloud-client-uses is a malicious package. This package contains malicious code disguised as a legitimate cloud client utility, and its content has been removed from the official package manager. Its primary purpose is to steal cloud-related secrets, such as API keys and access tokens. T...