MAL-2025-191822 Malicious code in prof-qx (PyPI)
Source: kam193 eb25a7704dc642f82be2ae6a92dcd60cc3235144351fbc18cd11ca96d970c7e3. Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
CVE-2025-45939
Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery SSRF via the test webhook function...
MAL-2025-191819 Malicious code in prof-qu (PyPI)
Source: kam193 9f83d01100c725673d7685ad3e206d71bb2f18d371a452cd2927d1391ec02cf4. Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
MAL-2025-191829 Malicious code in prof-tgqu (PyPI)
Source: kam193 b09993e94d1dee69b4930936d4673ec5c395ed5e5391d856efaad22326af39b8. Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
MAL-2025-191820 Malicious code in prof-quotex (PyPI)
Source: kam193 a38d66ab1d2bf34456ae2f07cb9600ea89efa8f16c3a48000b70746e5e950f25. Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
Apwide Golive security vulnerability
Apwide Golive is a test environment management plugin from Apwide Golive, Switzerland. A security vulnerability exists in Apwide Golive version 10.2.0, stemming from an unauthenticated test webhook function that could lead to server-side request forgery...
PT-2025-30819 · WordPress · Apwide Golive Jira Plugin
Name of the Vulnerable Software and Affected Versions: Apwide Golive Jira plugin version 10.2.0 Description: The Apwide Golive Jira plugin contains a Server-Side Request Forgery SSRF issue. This issue is related to the test webhook function, which allows for potential exploitation through...
CVE-2025-45939
CVE-2025-45939 affects Apwide Golive Jira plugin version 10.2.0. The issue is a Server-Side Request Forgery (SSRF) exposed via the plugin’s test webhook function. No exploitation details are provided beyond this SSRF description; impact is described as limited to low confidentiality, integrity, a...
GHSA-F24X-RM6G-3W5V Directus tokens are not redacted in flow logs, exposing session credentials to all admins
Summary: When using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data such as access and refresh tokens in cookies. Impact: Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them...
Directus security vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions from 9.0.0 up to 11.9.0, stemming from the WebHook trigger logging sensitive data, which could lead to...
CVE-2025-53548
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-47279)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47279 advisory. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applicatio...
Improper Verification Of Cryptographic Signature
Clerk is vulnerable to improper verification of cryptographic signature. The vulnerability is due to the use of the verifyWebhook helper, which may accept improperly signed webhook events, allowing an attacker to forge webhook requests and potentially trigger unauthorized actions...