2009 matches found
EUVD-2023-33533
Malicious code in bioql PyPI...
EUVD-2022-2540
Malicious code in bioql PyPI...
EUVD-2025-19671
Malicious code in bioql PyPI...
CVE-2013-10070
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution...
CVE-2025-5731
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
CVE-2025-5731 Infinispan: credential leakage in infinispan cli
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
CVE-2025-5731
Summary: CVE-2025-5731 affects the Infinispan CLI, where a credential decoded from a Kubernetes secret is handled in plaintext and can appear in a command string, potentially leaking data in an error message when a command is not found. Root cause: insecure processing/embedding of the decoded sec...
PT-2025-26223
Name of the Vulnerable Software and Affected Versions RabbitMQ versions 3.13.7 and prior Description The issue concerns RabbitMQ logging authorization headers in plaintext, encoded in base64, when queried with HTTP/s and basic authentication. This results in logs containing all request headers,...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a log information...
CVE-2025-46432
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
CVE-2025-46432
CVE-2025-46432 affects JetBrains TeamCity prior to 2025.03.1, where base64-encoded credentials could be exposed in build logs. The vulnerability is described across multiple sources (NVD entry, Red Hat, CNVD/CNNVD mirrors, Tenable Nessus plugin, PT-SECURITY advisory) with an impact on confidentia...
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...
CVE-2024-49706
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49706
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49706
The CVE-2024-49706 entry concerns Internet Starter, a module of the SoftCOM iKSORIS system. The vulnerability is an Open Redirect caused by including base64-encoded URLs in the target parameter of a POST request to a specific endpoint. The underlying component exposed to this issue is the handlin...
CVE-2024-49706 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from base64 encoded passwords being exposed in build logs. An attacker can exploit the vulnerabilit...
CVE-2025-31139
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...