29 matches found
Malicious code in loading-session (npm)
Source: amazon-inspector (640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996). Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts. TypeScript types and documentation are pino's, but index.js doe...
MAL-2026-4600 Malicious code in loading-session (npm)
Source: amazon-inspector (640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996). Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts. TypeScript types and documentation are pino's, but index.js doe...
CVE-2021-27209
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP...
CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2019-25470
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
Advantech ADAM-5550 Weak Encoding For Password (CVE-2024-37187)
Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of base 64 encoding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2026-22080
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...
EUVD-2023-60177
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
EUVD-2017-5236
Malware in sbrugna...
SATO S86-ex 203dpi Security Vulnerability
SATO S86-ex 203dpi is a print engine from SATO Japan. A security vulnerability exists in the SATO S86-ex 203dpi that originates from the device web server access credentials being sent as base64 via HTTP headers, which may be intercepted for acquisition...
JetBrains TeamCity < 2025.03.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.03.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TeamCity202504 advisory. - In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
CVE-2025-46432
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a log information...
Jenkins Plugin Plain Credentials Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security vulnerabili...
CVE-2023-46383
LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...
PT-2023-29992 · Loytec Electronics Gmbh · Linx Configurator
Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions Description: The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote...
OPENSUSE-SU-2021:0338-1 Security update for python-djangorestframework
This update for python-djangorestframework fixes the following issues: Update to 3.11.2. Security: Drop urlize_quoted_links template tag in favour of Django's built-in urlize. Removes a XSS vulnerability for some kinds of content in the browsable API (boo#1177205, CVE-2020-25626). update Django for API...
OPENSUSE-SU-2021:0322-1 Security update for python-djangorestframework
This update for python-djangorestframework fixes the following issues: Update to 3.11.2. Security: Drop urlize_quoted_links template tag in favour of Django's built-in urlize. Removes a XSS vulnerability for some kinds of content in the browsable API (boo#1177205, CVE-2020-25626). update Django for API...