Lucene search

32 matches found

OSV
added 2026/06/15 3:09 p.m., 9 views

MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)

Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923. On npm install, the package's preinstall hook "node postinstall.js || true" executes automatically. The script collects hostname, username, and current...

AI score 5.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/06/15 3:09 p.m., 12 views

Malicious code in hemi-supply-cron (npm)

Source: amazon-inspector c41be27601d38eb5c0b527a9ec22b7516734e8eae985a2607ae6d70878f5f1d9. package.json declares a preinstall hook "node postinstall.js" that fires automatically on npm install. The script collects host identity (os.hostname),...

AI score 5.3
Exploits: 0, References: 1

Snyk
added 2026/06/06 9:00 p.m., 10 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large-scale operation that has affected numerous packages across open source ecosystems. The malicio...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2

Snyk
added 2026/06/06 9:00 p.m., 9 views

Embedded Malicious Code

Overview: @jagreehal/workflow provides typed async workflows with automatic error inference: build type-safe workflows with Result types, step caching, resume state, and human-in-the-loop support. Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious...

CVSS 9.8, AI score 5.6
Exploits: 0, References: 2

Snyk
added 2026/06/06 9:00 p.m., 7 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

CVSS 9.8, AI score 5.6
Exploits: 0, References: 2

Snyk
added 2026/05/18 9:00 p.m., 7 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 2

EUVD
added 2026/05/17 12:11 p.m., 13 views

EUVD-2018-21853

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS 9.8, AI score 6.6, EPSS 0.00589
Exploits: 1, References: 4

Cvelist
added 2026/02/19 3:55 p.m., 21 views

CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

CVSS 9.2, EPSS 0.00316
Exploits: 0, References: 2

OSV
added 2026/02/19 3:55 p.m., 6 views

CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

CVSS 9.2, AI score 5.7, EPSS 0.00316
Exploits: 0, References: 4

Veracode
added 2025/12/13 4:20 a.m., 7 views

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVSS 4.3, AI score 6.4, EPSS 0.00158
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2025/11/24 4:24 p.m., 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

CNNVD
added 2025/10/29 12:00 a.m., 7 views

Jenkins plugin ByteGuard Build Actions security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 4.3, AI score 6.3, EPSS 0.00158
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2013-3645

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.01366
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2013-5545

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.00698
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-28218

Malicious code in bioql PyPI...

CVSS 8.2, AI score 6.3, EPSS 0.00262
Exploits: 0, References: 3

OSV
added 2025/05/27 3:15 p.m., 2 views

UBUNTU-CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2, AI score 5.7, EPSS 0.00262
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 10:07 p.m., 7 views

CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

CVSS 6.4, AI score 6.4, EPSS 0.00719
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 11:24 a.m., 9 views

CVE-2013-5708

Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...

CVSS 6.8, AI score 7, EPSS 0.00698
Exploits: 0, References: 1

Veracode
added 2025/03/13 6:05 a.m., 12 views

Insertion Of Sensitive Information Into Log File

github.com/hashicorp/nomad is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging practices due to workload identity and client secret tokens being recorded in audit logs...

CVSS 6.5, AI score 6.6, EPSS 0.00449
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/03/06 11:13 a.m., 15 views

BIT-GITLAB-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

CVSS 6.4, AI score 5.7, EPSS 0.00719
Exploits: 1, References: 4