229 matches found
EUVD-2025-199043
Malicious code in react-native-log-level npm...
MAL-2025-191000 Malicious code in react-native-log-level (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24d9b4b32f8ecb8d86fe3786c14e216538d2d25e1e3257627f186495dedaf9b1 The package react-native-log-level was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
module-mobile-js (>=1.3.8 <=1.4.0), react-native-iris-sdk (>=3.3.16 <=3.3.31) potentially affected by unknown CVE via react-native-log-level (=1.2.0)
react-native-log-level NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-log-level and may be impacted: - module-mobile-js =1.3.8, =3.3.16, =3.3.31 Source cves: unknown CVE Source advisory:...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2023-53639
Technical details about CVE-2023-53639 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, versions, and remediation information.
EUVD-2019-2229
Malware in sbrugna...
EUVD-2021-2002
Malware in sbrugna...
EUVD-2014-4936
Malware in sbrugna...
EUVD-2021-1435
Malware in sbrugna...
EUVD-2019-5976
Malware in sbrugna...
EUVD-2023-2836
Malicious code in bioql PyPI...
EUVD-2024-36558
Malicious code in bioql PyPI...
EUVD-2023-53818
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-14907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above then the...
Linux Distros Unpatched Vulnerability : CVE-2020-8565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs a...
Sensitive Information Disclosure
github.com/edgelesssys/contrast is vulnerable to information disclosure. The vulnerability is due to improper logging configuration due to secrets being written to stderr and Kubernetes logs when the log level is set to info or debug, which is the default...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug. This is only exploitable if the...
Contrast workload secrets leak to logs on INFO level
Impact When the Contrast initializer is configured with a CONTRASTLOGLEVEL of info or debug, the workload secret is logged to stderr and written to Kubernetes logs. Since info is the default setting, this affects all Contrast installations that don't customize their initializers' log level. The...