119 matches found
CVE-2026-58167 Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users
Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...
CVE-2026-58167
Nightingale (n9e) prior to 9.0.0-beta.2 exposes full datasource configurations (plaintext DB passwords, HTTP Bearer tokens, HTTP Basic passwords, and mTLS keys) via POST /api/n9e/datasource/list to any authenticated low-privilege user. The route lacks an admin gate and the DatasourceFilter does n...
Malicious code in annual_nightingale_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38759cab2230b3d7234206e9e3e2528fc1a566e7a09bb58309bf52e9b0dc5d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102465
Malicious code in rivalnightingalez3n npm...
EUVD-2025-99257
Malicious code in equivalentnightingalez3n npm...
EUVD-2025-98456
Malicious code in gorgeousnightingalez3n npm...
EUVD-2025-101606
Malicious code in torynightingalez3n npm...
Malicious code in okay_nightingale_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81efedfbe822520db1c665334805d3d588e6978cc7f7c5cb06fe0dc6570b871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in devoted_nightingale_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34bd1457b9198fd9534531af47295178875622f2057395fd5fe6f3c1d30f051d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-105919
Malicious code in devotednightingalez3n npm...
EUVD-2025-89455
Malicious code in preliminarynightingalez3n npm...
EUVD-2025-89420
Malicious code in prominentnightingalez3n npm...
EUVD-2025-74823
Malicious code in closenightingalesilver-47 npm...
EUVD-2025-74497
Malicious code in legitimatenightingaleivory-43 npm...
EUVD-2025-74615
Malicious code in genuinenightingalerose-2 npm...
EUVD-2025-74405
Malicious code in oldnightingalelime-46 npm...
Malicious code in close_nightingale_silver-47 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98357f0516f099e15e38f794c4f16c8aeecd72fcd5bf66cf420ea306f207436c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77224
Malicious code in cooingnightingale-apptea npm...
EUVD-2025-74969
Malicious code in awkwardnightingale-notthedev npm...
EUVD-2025-76220
Malicious code in narrownightingale-teagooddev npm...