15 matches found
EUVD-2013-0934
Malware in sbrugna...
CVE-2025-59363
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 even though this secret should only be returned when an App is first created,...
CVE-2025-59363
In One Identity OneLogin prior to 2025.3.0, the GET /api/2/apps endpoint returned OIDC client_secret values alongside app metadata, enabling disclosure of sensitive credentials. This is caused by excessive data being returned by the Apps API v2 and constitutes a breach of confidentiality for OIDC...
Malicious Package
Overview @epc-apps/api-ingestor is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview @epc-apps/api-version-test is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...
Malicious code in @epc-apps/api-management-plan (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcba229feeeaecf4b840caf01dc046b860329625fbae49197bcdbb35289561d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @epc-apps/api-generic-plan (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3783a587d271aec0c7725f7a4d384068e3ea63c385265d50717808837ae390a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-234 Malicious code in @epc-apps/api-outages (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52303d5ff48784b5ed46373ac7162f5ddc5ed3c8c629c696ccacba4c15d8e587 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ScratchOAuth2 Authorization Issue Vulnerability
ScratchOAuth2 is an open source application by Kenny2github that verifies that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from a problem with the key authorization mechanism in the SpecificApps REST API,...
MS15-131: Description of the security update for Word 2013: December 8, 2015
Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Office file. Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...
CVE-2013-0923
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors...
Memory corruption
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors...
CVE-2013-0923
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors...
CVE-2013-0923
CVE-2013-0923 is a memory safety issue in Google Chrome’s USB Apps API. The vulnerability is described as a memory corruption (remote) condition exploitable via unspecified vectors in Chrome builds prior to 26.0.1410.43. Connected sources corroborate that this CVE is part of a broader set of Chro...
CVE-2013-0923
Removed by vendor...