9 matches found
com.efluid.oss:efluid-datagate-app (>=3.1.3 <=6.1.5), com.efluid.oss:efluid-datagate-app-cucumber (>=3.1.3 <=6.1.5) +5 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=5.0.1 <=5.7.8)
org.pac4j:pac4j-jwt (Maven). Versions: =5.0.1, =3.1.3, =3.1.3, =0.8.0, =0.8.0, =2.0.6, =2.2.1, =2.0.6, =2.1.0. Source CVEs: CVE-2026-29000. Source advisory: SNYK:JAVA-ORGPAC4J-15428218...
Malicious Package
Overview: @metrics-service/static is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in @metrics-service/static (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-773 Malicious code in @metrics-service/static (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-20126
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
Malicious code in @metrics-service/mf-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11937 Malicious code in @metrics-service/mf-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spoofing
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
Background: The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...