38 matches found
CVE-2026-33222
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...
CVE-2026-27889
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...
CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
EUVD-2018-5786
Malware in sbrugna...
EUVD-2022-3493
Malicious code in bioql PyPI...
CVE-2019-10379
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2024-20897
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information...
Citrix EndPoint Management - Reconfigure your Firebase Cloud Messaging (FCM) in CEM console
As per migration guidance, Google is going to deprecate the FCM legacy APIs for HTTP, which are currently used in our Citrix Endpoint Management (CEM) FCM implementation. The migration deadline is June 21, 2024. Customers need to migrate FCM from the legacy FCM API to the HTTP v1 API. With the release...
PT-2024-21291 · Unknown · Element Android
Name of the Vulnerable Software and Affected Versions: Element Android versions 0.91.0 through 1.6.12. Description: A third-party malicious application installed on the same phone can force Element Android to share files stored under the files directory in the application's private data directory ...
Rescan of Cloud Native Machines in Azure Fails After Credentials Change
Challenge: After the Azure Storage account is changed, rescan of Cloud Native Agents (e.g., Veeam Agent for Microsoft Windows, Veeam Agent for Linux) fails with the error: Warning Failed to connect to Details: Azure REST API error. HTTP code: 403. Azure error: AuthenticationFailed. Full error:...
Malicious code in cloud-message-sdks (npm)
Source: ghsa-malware (479df48e71ae41e05b71f56e47a5a0a444e5992d40ed13730baf980dd5d3e7ef). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-22302
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...
Information disclosure
A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists
Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn. The malicious functionalities include the...
PT-2023-1501 · Fortinet · Fortiauthenticator +2
Name of the Vulnerable Software and Affected Versions: FortiGate versions 6.0.0 through 6.0.13; FortiGate versions 6.2.0 through 6.2.9; FortiGate versions 6.4.0 through 6.4.1; FortiAuthenticator version 5.5.0; FortiAuthenticator versions 6.0; FortiAuthenticator versions 6.1. Description: A clear text...
This Week in Spring - December 6th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? You know what I've wanted to do? See my friends on the Spring team in person since the pandemic descended. And, I'm overjoyed to relate, I've just had the privilege of a nice meeting with several of them last night...
Apache Pulsar input validation error vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
GHSA-C3R5-VXJ6-62MC Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...