Lucene search
K

22 matches found

OSV
OSV
added 2026/06/11 7:16 a.m.12 views

MAL-2026-5596 Malicious code in 0x2ai-demo8x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45021

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS5.4AI score0.00204EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:3 p.m.12 views

Malicious code in @kmmao/happy-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...

5.8AI score
Exploits0References9
NVD
NVD
added 2026/05/19 7:16 a.m.20 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5CVSS0.00404EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.7 views

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

Aiven Operator 安全漏洞

Aiven Operator is an open-source Kubernetes cluster management service developed by Aiven. Versions of Aiven Operator from 0.31.0 to 0.37.0 contained a security vulnerability. This vulnerability stemmed from the operator trusting the namespace values provided by users without verification. As a...

6.8CVSS5.8AI score0.00394EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

LiveCode 代码注入漏洞

LiveCode is a multi-platform programming tool developed by the LiveCode team. It can run on iOS, Android, OS X, Windows 95 through Windows 10, Raspberry Pi, and various Unix variants including Linux, Solaris, and BSD. LiveCode has a code injection vulnerability. This vulnerability stems from the...

8.8CVSS6AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2026/01/27 6:14 p.m.5 views

USN-7981-1 wlc vulnerabilities

It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. CVE-2026-22250 It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/12/23 10:59 p.m.4 views

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

8.8CVSS5.2AI score0.0026EPSS
Exploits1
RubySec
RubySec
added 2025/12/23 12:0 a.m.11 views

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

8.8CVSS5.8AI score0.0026EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.5 views

PT-2025-39877

Name of the Vulnerable Software and Affected Versions ThriveX Blogging Framework versions 2.5.9 through 3.1.3 Description An issue exists in the AssistantController.java file that allows unauthenticated attackers to obtain sensitive information, such as API Keys. The /api/assistant/list API...

9.8CVSS6.5AI score0.00349EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-24116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secre...

4.9CVSS5.8AI score0.01036EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/12 8:52 p.m.23 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2CVSS0.00177EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.3 views

grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend

A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...

6.3CVSS5.7AI score0.00224EPSS
Exploits1References5
OSV
OSV
added 2024/08/06 11:16 a.m.2 views

DEBIAN-CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

5.3CVSS6.4AI score0.00224EPSS
Exploits1References1
OSV
OSV
added 2023/10/20 3:18 p.m.31 views

GHSA-2RCP-JVR4-R259 Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Impact This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...

8.4CVSS6.8AI score0.00192EPSS
Exploits0References6
OSV
OSV
added 2022/07/14 2:36 p.m.8 views

MAL-2022-1826 Malicious code in capitain-title (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a75b2ce6eaabce715f2a5a587ac91d0a395294ce7647cf6d0d1eb2d6e088a89 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.31 views

SUSE SLES11 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2020:14418-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14418-1 advisory. - A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when...

10CVSS7.9AI score0.03552EPSS
Exploits1References19
OSV
OSV
added 2020/04/15 3:15 p.m.6 views

CVE-2020-1026

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography ECC implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key a key...

9.8CVSS7.3AI score0.02541EPSS
Exploits0References1
android
android
added 2019/04/01 12:0 a.m.48 views

CVE-2018-11976

ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

4.9CVSS1.9AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder