18 matches found
EUVD-2025-27163
Malicious code in bioql PyPI...
EUVD-2024-53115
Malicious code in bioql PyPI...
CVE-2025-58366
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
CVE-2025-58366
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
CVE-2025-58366 Onyxia private helm repository credentials are leaked through unauthenticated API
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
CVE-2025-58366 Onyxia private helm repository credentials are leaked through unauthenticated API
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
CVE-2025-58366
CVE-2025-58366 affects Onyxia (Onyxia-API) in versions 4.6.0–4.8.0. The vulnerability arises from leaking credentials of private Helm repositories via the unauthenticated public endpoint /public/catalogs, when the catalog configuration includes username/password. The issue enables exposure of private repo creden...
CVE-2025-58366 Onyxia private helm repository credentials are leaked through unauthenticated API
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
Onyxia security vulnerability
Onyxia is an open source web application from InseeFrLab designed to be the glue between multiple open source backend technologies. A security vulnerability exists in Onyxia version 4.8.0 and earlier, which stems from a credential leak that could lead to the exposure of sensitive information...
PT-2025-36335
Name of the Vulnerable Software and Affected Versions: Onyxia versions 4.6.0 through 4.8.0. Description: Onyxia-API leaked credentials of private helm repositories through the public /public/catalogs endpoint. Only instances using private helm repositories with configured usernames and passwords i...
CVE-2024-56333
Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
CVE-2024-56333
Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
CVE-2024-56333
The CVE-2024-56333 entry concerns Onyxia-API remote code execution via an authenticated user. Concrete details across connected documents show that Onyxia-API versions prior to 2.8.2, 3.1.1, and 4.2.0 are affected. The root cause is a code-execution vulnerability that could allow an authenticated...
CVE-2024-56333 Remote code execution in onyxia-api
Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
CVE-2024-56333 Remote code execution in onyxia-api
Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
CVE-2024-56333 Remote code execution in onyxia-api
Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
Onyxia code injection vulnerability
Onyxia is an open source web application from InseeFrLab designed to be the glue between multiple open source backend technologies. A code injection vulnerability exists in Onyxia versions prior to 4.2.0, prior to 3.1.1, and prior to 2.8.2, which originates from the ability of an authenticated us...
PT-2024-36795 · Unknown · Onyxia-Api
Name of the Vulnerable Software and Affected Versions: Onyxia-API versions prior to 2.8.2; Onyxia-API versions prior to 3.1.1; Onyxia-API versions prior to 4.2.0. Description: This issue allows authenticated users to remotely execute code within the Onyxia-API, potentially leading to unauthorized...