CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/22 2:43 a.m.•8 views

Malicious Package

Overview credential-verification-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

OSV•added 2026/05/22 1:53 a.m.•6 views

MAL-2026-4235 Malicious code in credential-verification-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...

6.2AI score

OSSF Malicious Packages•added 2026/05/22 1:53 a.m.•11 views

Malicious code in credential-verification-cli (npm)

6.2AI score

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в munge

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS7.6AI score0.00272EPSS

Vulnrichment•added 2026/05/01 12:0 a.m.•4 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS6AI score0.00123EPSS

EUVD•added 2026/04/16 3:31 p.m.•4 views

EUVD-2025-209499

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

Cvelist•added 2026/04/16 12:40 p.m.•28 views

CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS0.00115EPSS

CVE•added 2026/04/16 12:40 p.m.•17 views

CVE-2025-15621

CVE-2025-15621 affects the Sparx Systems Sparx Enterprise Architect client. The issue is that the client does not verify the receiver of OAuth2 credentials during OpenID authentication, indicating a flaw in credential handling that could allow credential misdirection or leakage within the OAuth/O...

ATTACKERKB•added 2026/04/16 12:40 p.m.•2 views

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

Exploits0References2Affected Software1

CNNVD•added 2026/04/16 12:0 a.m.•8 views

Sparx Enterprise Architect 安全漏洞

Sparx Enterprise Architect is a modeling and design tool developed by the Australian company Sparx. There is a security vulnerability in Sparx Enterprise Architect, which stems from the failure to verify the recipient of OAuth2 credentials during OpenID authentication...

Positive Technologies•added 2026/04/16 12:0 a.m.•5 views

PT-2026-33311

Name of the Vulnerable Software and Affected Versions Sparx Enterprise Architect affected versions not specified Description Insufficiently protected credentials exist where the client fails to verify the receiver of OAuth2 credentials during OpenID authentication. Recommendations At the moment,...