308 matches found
Jfrog Artifactory <6.17.0 - Default Admin Password
Jfrog Artifactory prior to 6.17.0 uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. id: CVE-2019-17444 info: name: Jfrog Artifactory...
Malicious Package
Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-web3-stable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
JFrog Artifactory 6.7.3 - Admin Login Bypass
JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...
jfrog-cli-2.104.1-1.1 on GA media (moderate)
jfrog-cli-2.104.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10844-1 Rating: moderate Cross-References: CVE-2025-11579 CVSS scores: CVE-2025-11579 SUSE : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-11579 SUSE : 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA...
OPENSUSE-SU-2026:10844-1 jfrog-cli-2.104.1-1.1 on GA media
These are all security issues fixed in the jfrog-cli-2.104.1-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in zest-product (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...
Malicious Package
Overview @kindo/selfbot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, goreleaser, trufflehog, terragrunt-fips, chainloop-cli-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, goreleaser, trufflehog, terragrunt-fips, chainloop-cli-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...
[SECURITY] Fedora 44 Update: jfrog-cli-2.98.0-1.fc44
JFrog CLI is a client that provides a simple interface that automates access to the JFrog products...
Fedora 44 : jfrog-cli (2026-6b87863841)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6b87863841 advisory. Upstream release 2.98.0. https://github.com/jfrog/jfrog-cli/releases/tag/v2.98.0 Resolves the following security issues: CVE-2025-11579 CVE-2025-665...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, helm-exporter-fips, cluster-api-helm-controller-fips, k9s-fips, helm-mapkubeapis, linkerd2-fips, kuma, flux-fips, pluto-fips, nova, kube-arangodb-fips, teleport, consul-k8s-fips, tigera-operator-fips, chartmuseum-fips, helm-docs, flux, chartmuseum,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: k9s-fips, coredns-fips, helm, xeol-fips, prometheus, ipfs-cluster, goreleaser, paranoia, consul-fips, kube-mgmt-fips, crane-fips, apko-fips, falcoctl-fips, falcoctl, buildkite-agent-fips, kubescape, task-fips, rancher-fleet, newrelic-infrastructure-agent-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: k9s-fips, coredns-fips, helm, xeol-fips, prometheus, ipfs-cluster, goreleaser, paranoia, consul-fips, kube-mgmt-fips, crane-fips, apko-fips, falcoctl-fips, falcoctl, buildkite-agent-fips, kubescape, task-fips, rancher-fleet, newrelic-infrastructure-agent-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: k9s-fips, longhorn-share-manager-fips, terraform-provider-time-fips, coredns-fips, helm, infinispan-operator, crossplane-provider-aws-servicediscovery-fips, litmus-chaos-operator, aws-node-termination-handler, xeol-fips, flux-notification-controller, nri-rabbitmq,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, trufflehog, flux-source-controller-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, trufflehog, flux-source-controller-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...