10 matches found
EUVD-2025-14756
Malicious code in bioql PyPI...
ROS-20250630-07
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms was related to incorrect validation of an assertion in an Azure-issued token, leading to a potential circumvention of the bound_locations parameter at login. Exploitation of the vulnerability could...
Improper Authentication Bypass
github.com/hashicorp/vault is vulnerable to improper authentication bypass. The vulnerability is due to the Azure Auth method not correctly validating claims in Azure-issued tokens, allowing potential bypass of the bound_locations parameter on login...
HashiCorp Vault Enterprise and HashiCorp Vault Community Security Vulnerability
HashiCorp Vault Enterprise and HashiCorp Vault Community are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault Enterprise is an enterprise information archiving platform. HashiCorp Vault Community is a key management engine used to...
CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484
CVE-2025-31484 affects the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, the infrastructure used the wrong Azure cf-staging access token, allowing any feedstock maintainer to upload a package to the conda-forge channel and bypass the standard feedstock-token + upload process. The...
PT-2025-14560 · Unknown · Conda-Forge
Name of the Vulnerable Software and Affected Versions: conda-forge infrastructure (affected versions not specified). Description: A bug in the conda-forge infrastructure allowed any feedstock maintainer to upload a package to the conda-forge channel, bypassing the feedstock-token + upload process,...
CVE-2025-25953
Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information...
PT-2025-9243
Name of the Vulnerable Software and Affected Versions: Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR version 1.0.118. Description: The issue concerns an Azure JWT access token exposure, allowing authenticated attackers to escalate privileges and access sensitive...
Sensitive Information Disclosure
snowflake-connector-python is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Connector logging Duo passcodes and Azure SAS tokens when the logging level is set to DEBUG, and bugs in the SecretDetector logging formatter that failed to fully redact JWT tokens and...