CVE-2026-45132

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

CVE-2026-45132

CVE-2026-45132 concerns CloudPirates Open Source Helm Charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposed sensitive credentials—Personal Access Token and an SSH signing key —to fork-controlled code due to unsafe checkout and credential handling practices. The...

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

MAL-2026-4689 Malicious code in test-ajs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851b521e3dde5ea11478cd37cc4bf8da2f0a0ca1864d6c39fa27fd02ef0f9308 test-ajs advertises a 2KB React/Recoil helper dist/cjs/index.js, 2169 bytes, exporting Roid/inject glue over react+recoil but ships a 976KB Linux ELF...

Fedora 44 : composer (2026-1140c02041)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1140c02041 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

CVE-2026-39462

CVE-2026-39462 affects SenseLive X3050, where the web management interface fails to reliably apply password changes due to backend credential handling. After factory restore with SenseLive Config 2.0, the UI may indicate a successful password update while the system continues to accept previous o...

PT-2026-34808

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

CVE-2026-4132

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function removeapikeys/hasapiterms found in...

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...

CVE-2026-29084

CVE-2026-29084 affects Gokapi (self-hosted file sharing server). Before version 2.2.3 its login flow lacks CSRF protection tied to the browser session context; the handler parses form values and creates a session after credential validation, enabling potential unauthorized session creation. The i...

Gokapi has CSRF in Login Endpoint

Summary The login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. Issue found by aisafe.io Impact An attacker can force a victim...

MiracleLinux 8 : git-2.43.7-1.el8_10 (AXSA:2025-10623:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10623:09 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

Kafka Connect BigQuery Connector code issues and vulnerabilities

Kafka Connect BigQuery Connector is a high-performance data synchronization middleware developed by Aiven Open. Versions of the connector prior to 2.11.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the service did not validate the credentials from external...

MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-153:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-153:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

CLSA-2026-1768300849 Fix CVE(s): CVE-2024-50349

SECURITY UPDATE: improper encoding or escaping of credential handling - debian/patches/CVE-2024-50349.patch: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively - CVE-2024-50349...

MiracleLinux 9 : git-2.47.3-1.el9_6 (AXSA:2025-10640:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10640:10 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

The Impact of Robotic Process Automation (RPA) on Identity and Access Management

As enterprises refine their strategies for handling Non-Human Identities NHIs, Robotic Process Automation RPA has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared...

Linux Distros Unpatched Vulnerability : CVE-2025-39912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfs/localio: restore creds before releasing pageio data Otherwise if the nfsd filecache code releases the nfsdfile immediately, it can trigger the BUGONcred ==...