39 matches found

OSV
added 2026/05/19 12:0 a.m. · 9 views

MAL-2026-3953 Malicious code in @antv/g-plugin-svg-picker (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0 · References 4

OSV
added 2026/05/19 12:0 a.m. · 10 views

MAL-2026-4105 Malicious code in @antv/x6-plugin-keyboard (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-6193

Malware in sbrugna...

5.3 CVSS · 5.6 AI score · 0.00843 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-41366

Malicious code in bioql PyPI...

10 CVSS · 9.1 AI score · 0.01124 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:48 p.m. · 9 views

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...

5.3 CVSS · 6.8 AI score · 0.00843 EPSS
Exploits 1

CVE
added 2025/02/06 6:41 p.m. · 77 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

8.6 CVSS · 8.5 AI score · 0.00525 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2024/11/01 4:15 p.m. · 21 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP: after login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

5.7 CVSS · 0.00221 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/01 12:0 a.m. · 12 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP: after login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

6.7 AI score · 0.00221 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/01 12:0 a.m. · 4 views

PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP (affected versions not specified). Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...

5.7 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 0 · References 5

CVE
added 2024/11/01 12:0 a.m. · 64 views

CVE-2024-51399

The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...

5.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2023/08/21 5:1 p.m. · 16 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733)

Summary: IBM Robotic Process Automation server could allow an authenticated user to view sensitive information from installation logs. Authenticated users are able to view database connection strings in the IBM Robotic Process Automation installation logs. Vulnerability Details: CVEID: CVE-2023-3873...

4.3 CVSS · 4.1 AI score · 0.00418 EPSS
Exploits 0 · Affected Software 1

CNVD
added 2021/11/21 12:0 a.m. · 18 views

ZOHO ManageEngine Remote Access Plus Information Disclosure Vulnerability

ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from improper privilege management: the process will start as a...

8.8 CVSS · 3.8 AI score · 0.00643 EPSS
Exploits 1 · References 1

OSV
added 2021/11/17 12:15 p.m. · 3 views

CVE-2021-42956

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged-in user, so a memory dump can also be taken by a non-admin user. Remotely, an attacker can dum...

8.8 CVSS · 7.3 AI score · 0.00643 EPSS
Exploits 1 · References 1

CNNVD
added 2021/09/18 12:0 a.m. · 3 views

Teleport security vulnerability

Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport suffers from a security vulnerability that could be...

6.5 CVSS · 6.5 AI score · 0.00822 EPSS
Exploits 0 · References 3

CVE
added 2020/09/22 5:23 p.m. · 39 views

CVE-2020-14027

CVE-2020-14027 affects Ozeki NG SMS Gateway up to version 4.17.6, where database connection strings accept custom unsafe arguments (e.g., ENABLE_LOCAL_INFILE). This enables MySQL LOAD DATA LOCAL INFILE attacks via rogue servers. The connected sources confirm the vulnerable component as the databa...

5.3 CVSS · 5.2 AI score · 0.00843 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2020/09/22 5:23 p.m. · 16 views

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...

5.2 AI score · 0.00843 EPSS
Exploits 1 · References 2

Prion
added 2015/02/16 2:59 a.m. · 18 views

Code injection

Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...

4 CVSS · 6.6 AI score · 0.01324 EPSS
Exploits 0 · References 3

CVE
added 2015/02/16 2:0 a.m. · 34 views

CVE-2015-1608

CVE-2015-1608 affects the Topline Opportunity Form (XLS Opp form). The underlying issue is improper access restriction to database-connection strings, allowing an attacker to read cleartext credentials and email addresses via unspecified vectors. Connected sources corroborate the same description...

4 CVSS · 6.2 AI score · 0.01324 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2015/02/16 2:0 a.m. · 17 views

CVE-2015-1608

Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...

6.1 AI score · 0.01324 EPSS
Exploits 0 · References 3