Lucene search
K

6 matches found

OSV
OSV
added 2026/06/15 5:23 p.m.8 views

MAL-2026-5808 Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:28 p.m.3 views

CVE-2026-22038

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1CVSS5.4AI score0.00433EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/25 4:38 a.m.3 views

Malicious code in discord.js-lukyy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a156424566c5cc73cdef9a47310dbcfc44cf49533c5560b5fc21e1f1dedfa18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
NVD
NVD
added 2022/04/26 6:15 p.m.31 views

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

5.5CVSS0.0024EPSS
Exploits0References3
Snyk
Snyk
added 2021/07/14 1:15 p.m.5 views

User Enumeration

Overview Affected versions of this package are vulnerable to User Enumeration. In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attac...

4.9CVSS6.6AI score0.01036EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/05/11 8:17 p.m.3 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
Rows per page
Query Builder