29708 matches found
CVE-2025-62794 GitHub Workflow Updater stored the optional GitHub token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
CVE-2025-62794
CVE-2025-62794 affects the GitHub Workflow Updater VS Code extension. Before version 0.0.7, the extension stored provided GitHub tokens in plaintext JSON in editor configuration on disk instead of using securestorage. This allowed a local attacker with read access to the user’s home directory to ...
EUVD-2025-36570
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
GHSA-8PGV-569H-W5RW
creationtimestamp| type| source
---|---|---
2025-10-28 19:49:35+00:00| seen| Telegram/GHUXCcA-zDixUulPWhYgzTivH6Dbr5X0Cd4vJtKye9V4xlI...
30-week-binary-exploitation-cve-program-generated-by-AI
30-Week Binary Exploitation & CVE Analysis Program for Embed...
nuclei_poc
This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...
Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The...
CVE-2019-11507
creationtimestamp| type| source
---|---|---
2025-10-28 06:50:55+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-11507.yaml
2025-10-29 21:02:29+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m4edtnyjnw2g...
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
Introduction: Primarily focused on financial gain since its appearance, BlueNoroff (aka Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has adopted new infiltration strategies and malware sets over time, but it still targets blockchain developers, C-level executives, and...
Fedora: Security Advisory (FEDORA-2025-30bf3a7b1a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitHub Workflow Updater Security Vulnerability
GitHub Workflow Updater is a VS Code extension by Richard Tweed, an individual developer. A security vulnerability exists in GitHub Workflow Updater versions prior to 0.0.7, which stems from storing GitHub tokens in cleartext and could lead to token disclosure...
PT-2025-44215
Name of the Vulnerable Software and Affected Versions: GitHub Workflow Updater versions prior to 0.0.7. Description: The GitHub Workflow Updater VS Code extension had a security issue where GitHub tokens were stored in plaintext within the editor configuration as JSON on disk, instead of utilizing t...
GHSA-GV8H-7V7W-R22Q
creationtimestamp| type| source
---|---|---
2025-10-27 21:12:50+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115448189437739687
2025-10-29 17:32:49+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/docker-security-advisory-av25-708...
CVE-2025-62524 PILOS Exposes PHP version
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
CVE-2024-6690
creationtimestamp| type| source
---|---|---
2025-10-27 01:52:34+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-6690.yaml
2025-10-27 21:02:34+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m47cvwti532k
2025-12-02...
Fedora: Security Advisory (FEDORA-2025-a6cb455ca2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-cf2e1f1604)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar's Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...