48 matches found
MAL-2026-6432 Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
CVE-2026-45091
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...
PT-2026-40032
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...
[SECURITY] Fedora 42 Update: openbao-2.5.3-1.fc42
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
[SECURITY] Fedora 42 Update: openbao-2.5.2-1.fc42
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
CVE-2026-32691
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
Juju affected by timing ownership claim attack on new external back-end secrets
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
PT-2026-26055
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
Master-Engine-POC---Proprietary-Agentic-AI-Solution
Master Engine POC - Proprietary Agentic AI Solution !Pyth...
security-antipatterns-javascript
Security Anti-Patterns for JavaScript AI coding agents don't...
CVE-2025-59870
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...
GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
ROS-20251128-02
A vulnerability in OpenBao's secret management and encryption system is related to the fact that OpenBao's audit logs incorrectly edited fields when the corresponding subsystems sent byte response parameters rather than strings. strings. Exploitation of the vulnerability could allow an attacker...
ROS-20251125-04
A vulnerability in OpenBao's secret management and encryption system is related to the fact that the software stores sensitive information in log files. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
CVE-2025-42890
SAP SQL Anywhere Monitor (Non-GUI) contains hard-coded credentials in its code, affecting version 17.0 and earlier (prior to SAP Note 3666261). This creates risk of unauthorized access and potential arbitrary code execution. Remediation: apply SAP Note 3666261 and rotate related credentials. As a...
Evaluating Large Language Models in Detecting Secrets in Android Apps
Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit...
EUVD-2025-22952
Malicious code in bioql PyPI...
EUVD-2022-2051
Malicious code in bioql PyPI...
EUVD-2024-2861
Malicious code in bioql PyPI...