Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CemiPark 安全漏洞

CemiPark is an application from CemiPark, Inc. A security vulnerability exists in CemiPark that stems from access control storing integration credentials in plain text, which allows an unauthorized attacker to retrieve plaintext passwords used by the system...

PT-2024-31076 · Cemipark · Cemipark

Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5 through 5.03 Description: The access control in CemiPark software stores integration credentials, such as FTP or SIP, in plain-text. An attacker who gains unauthorized access to the device can retrieve clear tex...