48 matches found
Sliver 访问控制错误漏洞
Sliver is an open source cross-platform adversary simulation/red teaming framework from Bishop Fox Open Source. It can be used by organizations of all sizes to perform security testing. An Access Control Error vulnerability exists in Sliver versions 1.5.43 and earlier and 1.6.0-dev, which stems...
EUVD-2025-18918
Malicious code in bioql PyPI...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
GHSA-88M4-H43F-WX84 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
Summary While rebuilding PMD Designer for Reproducible Builds and digging into issues, I found out that passphrase for gpg.keyname=0xD0BF1D737C9A1C22 is included in jar published to Maven Central. Details See...
CVE-2025-23215 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered...
MAL-2024-11061 Malicious code in operation-server-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 562d8b7d5fca6f14e6a57f77567f7fbb054ae76c5e77c760fc622107d046bd88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10261 Malicious code in gerhtreger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f134193ba18cdd700a042bf6b6fca2d3b9475dea7731883fdce08b9d816eb25f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8550 Malicious code in @diotoborg/quasi-repellat-odit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e404eef6420a54f7620b1f82b3e568c6b8b1c8918adb8d51bcd98d6f5616108 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8558 Malicious code in @diotoborg/quia-harum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36e96c5096009919782abeb8222b712a4cd7bc67592838577c9bdfb7fc4abd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7435 Malicious code in carousal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5390d19342c9cb8e78126b1968ed21b16cab8b998018d119687a7d27e9cde72b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1371 Malicious code in @ozon-ob-foundation/communication (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbd79919619acaea0f1d0de932d737a71b7ac5c27049e11483522540d39daed7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-881 Malicious code in wlwz-2312-7900 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 878aeb82a49d804368d247c215e6c7558f6dd72355c907d30d144233ef77b4de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-758 Malicious code in wlwz-2312-6503 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 518158065fb626a78989199a0bc534e485c204e384cc53811772372960d0028d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-665 Malicious code in wlwz-2312-5500 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c85949273c1645637458b52979f1f1f07fe1d80347e5df1e9c5021e5c58b51e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-699 Malicious code in wlwz-2312-5807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2f6e66b8de5f26a3b626c09ca71dca9a4caf0faacdba0c61a0fd28848275e94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-483 Malicious code in wlwz-2312-3407 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 289b4cc309df0a8780d6a52907756eda6d717dd2e981b91da12a7ca30eea2148 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-274 Malicious code in wlwz-2312-1105 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3614b7b169e1e8eba02b43c7e618461936e5304642f43fc54461a415d2c3459c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8505 Malicious code in @tpgroup/tpg-icon-inventory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cacf2bbe7dd64c7907b4bd3e3bf524d701e8c930d3aa540683dad15d74fdd15 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8335 Malicious code in agen-sbobet-judi-bola-online-terpercaya-paling-lengkap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a4f992569321418e44d0198225fca97602cc4663908efad4fc4772d1ef27ed7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-434 Malicious code in fca_ivan (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0761e4cb4957c3cdb2da290303672b71412107a385cb36c4de428110178428ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...