Lucene search

9 matches found

vulnersOsv
added 2026/03/05 2:7 a.m., 9 views

com.efluid.oss:efluid-datagate-app (>=3.1.3 <=6.1.5), com.efluid.oss:efluid-datagate-app-cucumber (>=3.1.3 <=6.1.5) +5 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=5.0.1 <=5.7.8)

org.pac4j:pac4j-jwt MAVEN version =5.0.1, =3.1.3, =3.1.3, =0.8.0, =0.8.0, =2.0.6, =2.2.1, =2.0.6, =2.1.0 Source cves: CVE-2026-29000 Source advisory: SNYK:JAVA-ORGPAC4J-15428218...

9.3 CVSS, 6.7 AI score, 0.05856 EPSS
Exploits: 17
Snyk
added 2026/01/28 4:33 p.m., 5 views

Malicious Package

Overview: @metrics-service/static is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/02/03 4:42 p.m., 5 views

Malicious code in @metrics-service/static (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0
OSV
added 2025/02/03 4:42 p.m., 6 views

MAL-2025-773 Malicious code in @metrics-service/static (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0
OSV
added 2025/01/08 4:15 p.m., 4 views

CVE-2025-20126

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...

4.8 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/12/19 1:33 p.m., 7 views

Malicious code in @metrics-service/mf-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2024/12/19 1:33 p.m., 7 views

MAL-2024-11937 Malicious code in @metrics-service/mf-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1
Prion
added 2023/04/14 8:15 p.m., 21 views

Spoofing

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...

5 CVSS, 7.7 AI score, 0.00762 EPSS
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2023/04/13 5:53 p.m., 45 views

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background: The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.7 CVSS, 7.5 AI score, 0.00762 EPSS
Exploits: 0, References: 5, Affected Software: 1