
24 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-25315

Malware in sbrugna...

CVSS 9 · AI score 8.9 · EPSS 0.01411
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-21563

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 7.8 · EPSS 0.01166
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-21550

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00375
Exploits 0 · References 2

NVD
added 2025/07/15 8:15 p.m. · 4 views

CVE-2025-49828

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...

CVSS 8.8 · EPSS 0.01972
Exploits 0 · References 4

Cvelist
added 2025/07/15 8:10 p.m. · 6 views

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

CVSS 9.1 · EPSS 0.01166
Exploits 0 · References 2

Vulnrichment
added 2025/07/15 8:10 p.m. · 2 views

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

CVSS 9.1 · AI score 6.6 · EPSS 0.01166
Exploits 0 · References 2

CVE
added 2025/07/15 8:10 p.m. · 26 views

CVE-2025-49831

CVE-2025-49831 affects CyberArk Secrets Manager Self-Hosted and Conjur OSS, with a bypass of IAM authenticator possible when traffic from Secrets Manager to AWS is routed through a misconfigured network device. Affected versions include Secrets Manager Self-Hosted before 13.5.1/13.6.1 and Conjur ...

CVSS 9.8 · AI score 6.6 · EPSS 0.01166
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2025/07/15 8:4 p.m. · 3 views

CVE-2025-49830 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosure

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand th...

CVSS 7.1 · AI score 6.4 · EPSS 0.0051
Exploits 0 · References 2

CVE
added 2025/07/15 8:4 p.m. · 20 views

CVE-2025-49830

Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) are affected by CVE-2025-49830 due to a policy YAML parser that can reference server files, enabling information disclosure. Affected versions: Secrets Manager, Self-Hosted prior to 13.5.1 and 13.6.1; Conjur OSS prior to 1.2...

CVSS 7.1 · AI score 6.4 · EPSS 0.0051
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/07/15 7:47 p.m. · 9 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS 6 · EPSS 0.00375
Exploits 0 · References 2

Vulnrichment
added 2025/07/15 7:47 p.m. · 3 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS 6 · AI score 6.3 · EPSS 0.00375
Exploits 0 · References 2

CVE
added 2025/07/15 7:47 p.m. · 23 views

CVE-2025-49829

CVE-2025-49829 affects CyberArk Conjur: OSS prior to 1.22.1 and Secrets Manager, Self-Hosted prior to 13.5.1/13.6.1. Root cause is missing validations in Secrets Manager, Self-Hosted allowing authenticated attackers to inject resources into the database and bypass permission checks. Impacts inclu...

CVSS 6.5 · AI score 6.3 · EPSS 0.00375
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/07/15 7:35 p.m. · 10 views

CVE-2025-49828 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...

CVSS 8.6 · EPSS 0.01972
Exploits 0 · References 2

Vulnrichment
added 2025/07/15 7:35 p.m. · 6 views

CVE-2025-49828 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...

CVSS 8.6 · AI score 7.8 · EPSS 0.01972
Exploits 0 · References 2

Vulnrichment
added 2025/07/15 7:26 p.m. · 26 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 · AI score 6.7 · EPSS 0.01416
Exploits 0 · References 2

Cvelist
added 2025/07/15 7:26 p.m. · 10 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 · EPSS 0.01416
Exploits 0 · References 2

Positive Technologies
added 2025/07/15 12:0 a.m. · 2 views

PT-2025-29612

Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.22.0; Secrets Manager, Self-Hosted versions 13.1 through 13.6. Description: Conjur provides secrets management and application identity for infrastructure. A malformed regular expression allows an attacker...

CVSS 9.8 · AI score 7.8 · EPSS 0.01416
Exploits 0 · References 12

Positive Technologies
added 2025/07/15 12:0 a.m. · 2 views

PT-2025-29673 · Cyberark · Secrets Manager +1

Name of the Vulnerable Software and Affected Versions: CyberArk Secrets Manager, Self-Hosted versions prior to 13.5.1 and 13.6.1; Conjur OSS versions prior to 1.22.1. Description: An attacker with access to a misconfigured network device routing traffic from Secrets Manager to AWS can redirect...

CVSS 9.1 · AI score 7.7 · EPSS 0.01166
Exploits 0 · References 8

Positive Technologies
added 2025/07/15 12:0 a.m. · 15 views

PT-2025-29613 · Cyberark · Secrets Manager +1

Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1; Secrets Manager, Self-Hosted versions 13.1 through 13.4.1. Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...

CVSS 8.6 · AI score 7.1 · EPSS 0.01972
Exploits 0 · References 7

NVD
added 2020/06/22 4:15 p.m. · 19 views

CVE-2020-4062

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...

CVSS 9 · EPSS 0.01411
Exploits 0 · References 2