AI-Code-Vulnerability-Scanner
AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...
IBM Turbonomic prometurbo agent elevation of privilege vulnerability
The IBM Turbonomic prometurbo agent is a component in IBM Turbonomic Application Resource Management that is used to manage resource configurations. An elevation of privilege vulnerability exists in IBM Turbonomic prometurbo agent. The vulnerability stems from an excessive cluster-wide permission...
CVE-2026-32891 Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the...
Exploit for CVE-2025-48757
🛡️ Supabase Sentinel A Claude Skill that audits your Supaba...
SUSE CVE-2025-70963
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
PT-2026-22294
Name of the Vulnerable Software and Affected Versions: Unitree Go2 and other models; affected versions not specified. Description: Firmware updates are encrypted using key material that is accessible to attackers. This allows unauthorized modification of...
How Security Tool Misuse Is Reshaping Cloud Compromise
Key Takeaways Legitimate secret-scanning tools such as TruffleHog have been operationalized in real-world cloud attack campaigns. Attack progression commonly follows a repeatable sequence: credential discovery, live validation, permission enumeration, and data access. Exposed long-lived access ke...
JavaScript Sensitive Information Disclosure Scanner
This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...
EUVD-2022-33580
Malicious code in bioql PyPI...
CVE-2025-55306 GenX_FX authentication bypass in JWT validation
GenXFX is an advanced AI trading platform focused on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
GenX FX Trading System Security Vulnerability
GenX FX Trading System is a trading platform focused on forex trading by the individual developer KEA MOUYLENG. A security vulnerability exists in GenX FX Trading System that stems from an improperly configured environment variable that could lead to the disclosure of API keys and authentication...
Reviewdog Security Vulnerability
Reviewdog is an open source automated code review tool from Reviewdog. A security vulnerability exists in Reviewdog that stems from malicious code that could leak exposed keys...
CVE-2022-29186
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote hosts, those hosts...
PT-2025-2793 · Autolib Software Systems · Autolib Software Systems Opac
Name of the Vulnerable Software and Affected Versions: AutoLib Software Systems OPAC version 20.10 Description: The issue concerns exposed API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. Recommendations: For AutoLib Software...
PT-2023-26488 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.14.0 through 3.23.1 Description: Tolgee is an open-source localization platform. When a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing...
MAL-2023-481 Malicious code in graphite_remote_adapter (npm)
Source: ghsa-malware dd2aa60f9c1fac3dfab372dff47188b2dc4b3f4d2b874b811d20db7a47faca1a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company Permiso's P0 Labs, which first detected the group in November 2021, has assigned...
Design/Logic Flaw
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote hosts, those hosts...