
10 matches found

OSSF Malicious Packages
added 2026/05/21 12:39 p.m. | 6 views

Malicious code in nikou-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4634b70c99dd84c499d573350a00e86b09e8caaf34786d60b118ce12c64b426 utils/BotClient.js hardcodes a Feishu/Lark appId clia88b12e0b9b51013 and appSecret aBRv7CbiWuL7csrMavfLvc5sMW5B4Ky7 as default constructor values,...

5.8 AI score
Exploits: 0 | References: 1
OSV
added 2026/05/05 7:16 p.m. | 2 views

PYSEC-2026-119

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8 CVSS | 5.7 AI score | 0.00122 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/11/07 10:54 p.m. | 5 views

CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance could exploit these shared credentials to impersonate virt-api and execute privileg...

4.7 CVSS | 0.0002 EPSS
Exploits: 1 | References: 4
CVE
added 2025/11/07 10:54 p.m. | 29 views

CVE-2025-64434

KubeVirt Vulnerability CVE-2025-64434 affects virt-handler’s peer verification (verifyPeerCert). In affected releases prior to 1.5.3 and 1.6.1, a compromised virt-handler could exploit shared credentials to impersonate virt-api and perform privileged operations against other virt-handler instance...

6.3 CVSS | 6.6 AI score | 0.0002 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2025/11/06 11:35 p.m. | 6 views

KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary: Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details: Give all details on the vulnerability. Pointing to the incriminated sourc...

6.3 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2025/10/31 9:43 a.m. | 3 views

EUVD-2025-37320

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the...

8.8 CVSS | 6.2 AI score | 0.0006 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/18 9:19 p.m. | 2 views

CVE-2025-9708

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8 CVSS | 6.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 1
NVD
added 2025/09/16 10:15 p.m. | 5 views

CVE-2025-9708

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8 CVSS | 0.00028 EPSS
Exploits: 0 | References: 3
CVE
added 2025/09/16 9:8 p.m. | 39 views

CVE-2025-9708

CVE-2025-9708: The Kubernetes C# client has a flaw where certificate validation accepts forged certificates from any CA without proper trust-chain verification, enabling potential MITM attacks and Kubernetes API impersonation. Documented impact includes interception/manipulation of traffic to th...

6.8 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/09/15 12:0 a.m. | 2 views

PT-2025-38069

Name of the Vulnerable Software and Affected Versions: Kubernetes C# client versions prior to 17.0.14. Description: A flaw exists in the Kubernetes C# client's certificate validation logic, allowing it to accept certificates from any Certificate Authority (CA) without proper trust chain verification. Th...

7.1 CVSS | 6.3 AI score | 0.00028 EPSS
Exploits: 0 | References: 20