CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

PT-2025-50120

Name of the Vulnerable Software and Affected Versions Fortinet FortiSOAR PaaS versions 7.3 through 7.6.2 Fortinet FortiSOAR on-premise versions 7.3 through 7.6.2 Description An unverified password change issue exists that may allow an attacker with existing access to a user account to reset the...

EUVD-2020-28016

Malware in sbrugna...

EUVD-2023-30910

Malicious code in bioql PyPI...

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVE-2020-6874

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

Design/Logic Flaw

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

CVE-2020-6874

Technical details (affected products, root cause, exact vulnerable component, and fixes) are not publicly provided in the connected documents. Monitor for updates from vendors/authorities.

Threat Outbreak Alert: Fake Account Credential Information Email Messages on May 28, 2014

Medium Alert ID: 34386 First Published: 2014 May 29 13:07 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain account credential information for the recipient. The email message attempts to convince the recipient to open the...

Threat Outbreak Alert: Fake Account Credential Information Email Messages on July 23, 2013

Medium Alert ID: 30182 First Published: 2013 July 23 15:50 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account credential information for the recipient. The text in the email message attempts to convince the...