9 matches found
Electerm Security Vulnerability
Electerm is an SSH/SFTP client developed by ZXDong262 of China, based on Electron. Versions of Electerm prior to 3.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a fixed-zero IV, a constant KDF salt, and no MAC generation in the deterministic AES-192-CBC...
VMware Spring Cloud Config Security Vulnerability
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which stems from...
Malicious code in summerfi-eslint-config-security-notice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d85a7d05234e5c23b0307b2212be7cfec13e9b8a135ffd9faa1bbf24cce1bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-34526
Malicious code in summerfi-typescript-config-security-notice npm...
Malicious Package
Overview summerfi-eslint-config-security-notice is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
CVE-2025-31725
Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-25975
CVE-2025-25975 affects the JavaScript library parse-git-config v3.0.0. The issue is information disclosure caused by improper handling of key expansion in the expandKeys function, leading to potential leakage of sensitive data. Multiple sources (including Veracode and Red Hat advisories) describe...
CVE-2023-30859 Spigot Command Exploit in Triton
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
CVE-2021-21396 Bulk list client endpoint exposes too much metadata about a client
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged-in user who could...