11 matches found
PT-2026-38648
Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...
EUVD-2025-16160
Malicious code in bioql PyPI...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45468
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45472
Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45472
Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45472
The CVE-2025-45472 entry covers insecure permissions in autodeploy-layer v1.2.0, enabling privilege escalation that could compromise the customer cloud account. Multiple sources corroborate that the issue is tied to improper access controls in autodeploy-layer and that it affects at least version...
PT-2025-22511 · Unknown · Autodeploy-Layer
Name of the Vulnerable Software and Affected Versions: autodeploy-layer version 1.2.0 Description: The issue is related to insecure permissions, allowing attackers to escalate privileges and compromise the customer cloud account. Recommendations: For autodeploy-layer version 1.2.0, consider...
Microsoft, Google Clouds Hijacked for Gobs of Phish
Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working. In fact, in the first three months of 2021 alone,...