MAL-2025-5859 Malicious code in @subsplash/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 689eb4db6c52e3ce55d130f22da039b110c816b7a03395db966a87086272fd42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6089 Malicious code in fxa-auth-server (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 001dcafa5fa85d6d5358a1a79909f92615e17cae27329f2b1fea9c1cc51d41ca Any computer that has this package installed or running should be considered...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

Malicious code in preview-server-auth-bounty (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in preview-server-auth-test (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-5821 Malicious code in preview-server-auth-test (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in preview-server-auth (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c061ebafc271130fff7da4c0ba73b6e359b1a785e08a54972432edb83ff6b13 Any computer that has this package installed or running should be considered...

MAL-2025-5820 Malicious code in preview-server-auth (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c061ebafc271130fff7da4c0ba73b6e359b1a785e08a54972432edb83ff6b13 Any computer that has this package installed or running should be considered...

GHSA-8GP3-M447-GW2V Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

GHSA-MR49-VMP6-2PWQ Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53535

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53669

CVE-2025-53669 affects the Jenkins VAddy Plugin (versions 1.2.8 and earlier). The vulnerability arises because Vaddy API Auth Keys are displayed on the job configuration form without masking, enabling potential observers to view or capture them. Impact is exposure of sensitive API keys, as descri...

CVE-2025-53668

The CVE concerns Jenkins VAddy Plugin prior to 1.2.9. The plugin stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, enabling access by users with Item/Extended Read permission or anyone with filesystem access to the controller. The root cause is unencrypted ...