44 matches found
MAL-2026-3181 Malicious code in period-newline (npm)
Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...
MAL-2026-3151 Malicious code in apple-cloud-infrastructure-monitor (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
GHSA-96PQ-HXPW-RGH8 Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...
CVE-2026-25492
Craft CMS versions 3.5.0–4.16.17 and 5.0.0-RC1–5.8.21 are affected. The save_images_Asset GraphQL mutation can be abused to fetch internal URLs by supplying a domain resolving to an internal IP, bypassing hostname validation. If a non-image file extension (e.g., .txt) is allowed, downstream image...
CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...
PT-2025-46903
Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.13.1 Description Typebot is an open-source chatbot builder. A Server-Side Request Forgery SSRF issue exists in the Typebot webhook block HTTP Request component functionality. This allows authenticated users to make...
Typebot 代码问题漏洞
Typebot is an open source chatbot builder by the individual developer Baptiste Arnaud. A code issue vulnerability exists in versions prior to Typebot 3.13.1 that stems from a server-side request forgery in the Typebot webhook block functionality, which could lead to the extraction of AWS IAM...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-59434
Flowise Cloud prior to August 2025 was vulnerable to a cross-tenant data exposure through the Custom JavaScript Function node, allowing authenticated users on the free tier to access environment variables from other tenants (e.g., OpenAI keys, cloud credentials, and tokens). The issue has been pa...
PT-2025-39070
Name of the Vulnerable Software and Affected Versions Flowise versions prior to August 2025 Cloud-Hosted Flowise Description Flowise is a drag & drop user interface used to build customized large language model flows. A vulnerability in Flowise Cloud, prior to the August 2025 release, allows...
PT-2025-34035 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.1 Description: TeamCity was affected by an issue where AWS credentials were exposed in Docker script files. Recommendations: Update to TeamCity version 2025.07.1 or later...
Malicious code in bh-25-req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ddd759ada90b89401904e23b4e8cbe6a3021baf3c34495150b4a713ca7063be0 If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
MAL-2025-191692 Malicious code in bh-usa-req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in bh-usa-automate-req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0340aadb507418f2d21cfa7d568f133db23a6392a2ec64411540ec4ce5456d7 If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in req-pre-automate (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6ce39a0e7a45f8d70e0e7e0d0e597b5029dcfcdd422ec0fec324921c5021a9ca If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
MAL-2025-191853 Malicious code in req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6058bfefce274f953708b9c8ba745b15525a3f573da10dac8597285eac526fd4 If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in ase-jreq (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 53d3ded73c297df3a6a010b08188ed7b3fab13570e8d72492803ae3903a49939 If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in jsonreq-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2470d0f1bf1493c176d8622368f7f975be80c5f8a2acfa1dcae8199bc54e7ed If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
MAL-2025-191768 Malicious code in jsonreq-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2470d0f1bf1493c176d8622368f7f975be80c5f8a2acfa1dcae8199bc54e7ed If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
DEBIAN-CVE-2014-6274
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...