EUVD-2024-19270
Malicious code in bioql PyPI...
Malicious code in catflix (npm)
Source: ghsa-malware d0f682b0d66f1100534a823b754c3bc096ac54a5142489698fc5589813699d9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in depx-contract (npm)
Source: ghsa-malware a69e0a710cd2cb5b4880fae8eb37ba76afea9f442c898ab7e528965336f75392 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in playwright-1.47 (npm)
Source: ghsa-malware 838a2bf47ce546affea44fb08edc2964e2c467300c9028a29fc869db92f92a23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-9259
Name of the Vulnerable Software and Affected Versions: Gogs versions 0.13.0 and earlier
Description: The issue is related to argument injection during the tagging of a new release. This could allow a remote attacker to disclose protected information. Unprivileged user accounts with at least one SSH...
CVE-2022-29266 apisix/jwt-auth may leak secrets in error response
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...
CVE-2022-27201
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...