13 matches found
MAL-2025-186265 Malicious code in concurrently-configstore-lyra-perseus (npm)
Source: amazon-inspector (dbdd3e3fbd31161db4d4c071bc50e19eb1af1064e748a5e2f0131d7ff033d0b1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-nakama20 (npm)
Source: amazon-inspector (4336633a9609eccaff4299ffeb1f5d4b03f96a5971a297c9701984f86d065a4e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-106014 Malicious code in mulyono-lapis1-remi (npm)
Source: amazon-inspector (fc2b8c0464c1b12459f5c33ec3b4ea0b3abb23f126279947a4c70213d04a71f8). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105398 Malicious code in lutfi-gembus91-ruro (npm)
Source: amazon-inspector (1f2628cf97bc8db1b0014edbab8aa6e726d946a9fc05e9fa9fb2b459c9ba23ec). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2022-47037
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials...
Information disclosure
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key, potentially resulting in information disclosure...
Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references. Original Description: Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and...
CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
Simple JWT Login < 3.3.0 - Insecure Password Creation
The plugin can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation...
CentOS 8 : cloud-init (CESA-2021:3081)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory: cloud-init: randomly generated passwords logged in clear-text to world-readable file (CVE-2021-3429). Note that Nessus has not tested for this issue but has...
RLSA-2021:3081 Moderate: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...
GHSA-PHJ8-4CQ3-794G Unencrypted storage of client side sessions
Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...
Unencrypted storage of client side sessions
Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...