
48 matches found

OSV
added 2026/06/24 11:4 p.m.

MAL-2026-6432 Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

AI score 6.2
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/05 7:18 p.m.

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

CVSS 9.1 | AI score 5.4 | EPSS 0.00326
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/12 12:0 a.m.

PT-2026-40032

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

CVSS 9.1 | AI score 5.8 | EPSS 0.00326
Exploits: 1 | References: 2
Fedora
added 2026/05/01 1:27 a.m.

[SECURITY] Fedora 42 Update: openbao-2.5.3-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5 | AI score 6.1 | EPSS 0.00651
Exploits: 1
Fedora
added 2026/04/03 5:4 p.m.

[SECURITY] Fedora 42 Update: openbao-2.5.2-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 9.6 | AI score 6.4 | EPSS 0.00411
Exploits: 0
RedhatCVE
added 2026/03/26 3:11 p.m.

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1
Github Security Blog
added 2026/03/19 12:42 p.m.

Juju affected by timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/18 12:0 a.m.

PT-2026-26055

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 9
GithubExploit
added 2026/01/27 6:53 a.m.

Master-Engine-POC---Proprietary-Agentic-AI-Solution

Master Engine POC - Proprietary Agentic AI Solution...

AI score 5.9
Exploits: 0
GithubExploit
added 2026/01/20 6:28 a.m.

security-antipatterns-javascript

Security Anti-Patterns for JavaScript AI coding agents don't...

AI score 6
Exploits: 0
ATTACKERKB
added 2026/01/16 10:12 a.m.

CVE-2025-59870

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk...

CVSS 9.8 | AI score 5.3 | EPSS 0.00236
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/12/09 5:42 p.m.

GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...

CVSS 6.3 | AI score 7.2 | EPSS 0.00262
Exploits: 0 | References: 14
Github Security Blog
added 2025/12/09 5:42 p.m.

Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...

CVSS 6.3 | AI score 7.3 | EPSS 0.00262
Exploits: 0 | References: 14 | Affected Software: 1
Redos
added 2025/11/28 12:0 a.m.

ROS-20251128-02

A vulnerability in OpenBao's secret management and encryption system is related to the fact that OpenBao's audit logs incorrectly edited fields when the corresponding subsystems sent byte response parameters rather than strings. Exploitation of the vulnerability could allow an attacker...

CVSS 5.7 | AI score 6.8 | EPSS 0.00299
Exploits: 0
Redos
added 2025/11/25 12:0 a.m.

ROS-20251125-04

A vulnerability in OpenBao's secret management and encryption system is related to the fact that the software stores sensitive information in log files. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...

CVSS 7.5 | AI score 6.8 | EPSS 0.00286
Exploits: 0
CVE
added 2025/11/11 12:15 a.m.

CVE-2025-42890

SAP SQL Anywhere Monitor (Non-GUI) contains hard-coded credentials in its code, affecting version 17.0 and earlier (prior to SAP Note 3666261). This creates risk of unauthorized access and potential arbitrary code execution. Remediation: apply SAP Note 3666261 and rotate related credentials. As a...

CVSS 10 | AI score 7.5 | EPSS 0.00647
Exploits: 0 | References: 2
Packet Storm News
added 2025/10/21 12:0 a.m.

Evaluating Large Language Models in Detecting Secrets in Android Apps

Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit...

AI score 6.8
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m.

EUVD-2025-22952

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00464
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m.

EUVD-2022-2051

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.0137
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m.

EUVD-2024-2861

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.4 | EPSS 0.00591
Exploits: 0 | References: 8