7 matches found
Malicious code in nach-suck-vibni (npm)
Source: amazon-inspector 11ceb1ad51888d7ff2f12161d6b80705cee7921cccdb0b082dfb539fa8f1eba7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2021-9409
Malicious code in bioql PyPI...
PT-2025-36652
Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...
CVE-2025-55190
Argo CD vulnerability CVE-2025-55190: In multiple releases of Argo CD, API tokens with project-level permissions can retrieve sensitive repository credentials via the project details API endpoint, even when tokens lack explicit access to secrets. The issue affects versions 2.13.0–2.13.8, 2.14.0–2...
Linux Distros Unpatched Vulnerability : CVE-2023-1084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15....
Vampire attack on the LooksRareAggregator
Vulnerability details. Description: The LooksRareAggregator project is almost stateless and most of its code is open. Someone may fork it and make a lower fee for the users or even add other incentives. Unlike Uniswap, the aggregator doesn't have a network effect, so it is economicall...
GitLab: Privilege escalation of "external user" (with maintainer privilege) to internal access through project token
Summary: An "external user" (a user account with the status external) which is granted "Maintainer" role on any project on the GitLab instance where "project tokens" are allowed can elevate its privilege to "Internal". An external user with maintainer permissions could create a project token, which...