Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/10/08 8:19 p.m.12 views

CVE-2025-61776

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7CVSS6.9AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 6:57 p.m.5 views

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7CVSS6.9AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.4 views

PT-2025-41166

Name of the Vulnerable Software and Affected Versions Dependency-Track versions prior to 4.13.5 Description Dependency-Track is a component analysis platform used for managing software supply chain risk. Versions prior to 4.13.5 may inadvertently transmit credentials intended for a private NuGet...

4.7CVSS6.5AI score0.0026EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/03/22 8:58 a.m.51 views

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages...

7AI score
Exploits0
Rows per page
Query Builder