42 matches found
PT-2026-42206
Impact: On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that...
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
Embedded Malicious Code
Overview: @zapier/spectral-api-ruleset is a Node package for linting API schemas using Spectral. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from th...
EUVD-2025-34997
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
EUVD-2018-2761
Malware in sbrugna...
EUVD-2021-24622
Malware in sbrugna...
EUVD-2008-6919
Malware in sbrugna...
EUVD-2021-21517
Malware in sbrugna...
EUVD-2025-11975
Malicious code in bioql PyPI...
EUVD-2021-29661
Malicious code in bioql PyPI...
EUVD-2022-2015
Malicious code in bioql PyPI...
EUVD-2023-12939
Malicious code in bioql PyPI...
CVE-2025-5823
CVE-2025-5823 affects Autel MaxiCharger AC Wallbox Commercial. The vulnerability lies in the Autel Technician API where an exposed dangerous method allows an attacker to disclose sensitive information, notably credentials/serial numbers, leading to potential further compromise. The NVD/CVE entrie...
CVE-2025-47849
CVE-2025-47849 (Apache CloudStack): Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...
CVE-2024-13947
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13930
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2024-13945 Stored Absolute Path Traversal
Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2024-51552
Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13928
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...