MAL-2026-5184 Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

Sensitive Information Disclosure

local-deep-research is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure local storage because confidential data API keys, etc. are kept in an unencrypted SQLite database with a fixed, non-configurable location, allowing anyone with container or host filesystem...

SUSE CVE-2019-2390

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; Mongo...

InstallBuilder安全特征问题漏洞

Vmware InstallBuilder is a multi-platform installer development and automatic update tool from Vmware, Inc. A security vulnerability exists in InstallBuilder that stems from the fact that under certain circumstances on the InstallBuilder Windows version, the uninstaller binary copies itself to a...

FreeBSD -- Insecure default GELI keyfile permissions

Problem Description: The default permission set by bsdinstall8 installer when configuring full disk encrypted ZFS is too open. Impact: A local attacker may be able to get a copy of the geli8 provider's keyfile which is located at a fixed location...

UBUNTU-CVE-2013-4737

The CONFIGSTRICTMEMORYRWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by...