18 matches found
MAL-2026-4743 Malicious code in buddyme (PyPI)
Source: amazon-inspector (6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6). buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers Zhipu GLM at...
CVE-2020-7999
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOADAPIKEY and FILEDOWNLOADAPIKEY...
EUVD-2020-28912
Malware in sbrugna...
EUVD-2024-16164
Malicious code in bioql PyPI...
EUVD-2023-27232
Malicious code in bioql PyPI...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2024-36248
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...
CVE-2024-0368
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...
CVE-2024-0368
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...
PT-2024-15503 · WordPress · The Hustle – Email Marketing
Name of the Vulnerable Software and Affected Versions: The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress versions up to, and including, 7.8.3 Description: The issue allows unauthenticated attackers to extract sensitive data, including personally identifiable...
CVE-2023-39421
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...
CVE-2023-39421
CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...
PT-2023-26942 · Twilio +1 · Twilio +1
Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking engine affected versions not specified Description: The RDPWin.dll component includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
Stripo Inc: Insecure Storage and Overly Permissive API Keys
Summary: I am surfing on the stripo.email website. I found sensitive data, including an authentication key/secret token, written in a publicly accessible subdo. We found an aviaryApiKey and other secret key exposed in staging.empleio.stripo.email. Risk Factors: Most often Developers for their ease of...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...