GeoIP processor disables SSL certificate validation when downloading databases

Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...

EUVD-2021-20413

Malware in sbrugna...

EUVD-2021-20409

Malware in sbrugna...

EUVD-2020-18298

Malware in sbrugna...

EUVD-2018-1291

Malware in sbrugna...

EUVD-2021-20411

Malware in sbrugna...

EUVD-2021-20410

Malware in sbrugna...

EUVD-2021-20406

Malware in sbrugna...

EUVD-2020-26497

Malware in sbrugna...

CVE-2025-9914

The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application...

CVE-2025-9914

The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application...

CVE-2025-9914

The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application...

EUVD-2025-32502

The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application...

SICK AG Baggage Analytics 安全漏洞

SICK AG Baggage Analytics is a visualization and analysis software for airport tracking systems from SICK AG, Germany. A security vulnerability exists in SICK AG Baggage Analytics that stems from user credentials being stored in a local database, which could lead to unauthorized access...

PT-2025-40871

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The credentials of users stored in the system’s local database can be used for login, potentially allowing an attacker to gain unauthorized access and compromis...

EUVD-2023-52695

Malicious code in bioql PyPI...

EUVD-2023-46308

Malicious code in bioql PyPI...

EUVD-2025-12381

Malicious code in bioql PyPI...

CVE-2025-57806

Summary: CVE-2025-57806 affects Local Deep Research. Versions 0.2.0–0.6.7 store confidential information, including API keys, in a local SQLite database without encryption. This plaintext storage occurs in the .db file and is accessible to anyone with access to the container or host filesystem. T...

CVE-2025-57806 Local Deep Research's API keys are stored in plain text

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...