2192 matches found
EUVD-2025-116867
Malicious code in aether-nebula-sequelize-readable npm...
EUVD-2025-123983
Malicious code in package-luna-prettier-plugin-markdown-readable npm...
EUVD-2025-122615
Malicious code in request-readable-radiant-forever npm...
EUVD-2025-111187
Malicious code in meteor-readable-dactyl-chalk npm...
Malicious code in geckodriver-readable-thuban-virgo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fbee7af91fc32c148f8c4a3e601df8ffa2dcc65f0b9e8a59b9b012f3e6ae5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115757
Malicious code in callisto-readable-europa-pegasus npm...
EUVD-2025-116248
Malicious code in babel-dorado-firebase-readable npm...
MAL-2025-148509 Malicious code in terser-atlas-figures-readable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5adb748096ba778ee5999d50c614c52e7e276480ebb02aa4b345857a837b99e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
CVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
CVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
PT-2025-46535
Name of the Vulnerable Software and Affected Versions Spectrum Power versions prior to 4.70 SP12 Update 2 Description The application is susceptible to the exposure of database credentials through a world-readable credential file. Successful exploitation allows an attacker to connect to the...
curl: curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches
Executive Summary Curlfopen clones the permissions of any pre-existing persistence file when creating its temporary file. When the persistence file does not exist, it first creates one with the process umask typically 022, i.e., 0644. That mode is then copied to the temp file via 0600 | sb.stmode...
CVE-2025-54808
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
CVE-2025-54808 Oxford Nanopore Technologies MinKNOW Insufficiently Protected Credentials
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
PT-2025-43541
Name of the Vulnerable Software and Affected Versions Oxford Nanopore Technologies MinKNOW versions prior to 24.11 Description The MinKNOW software stores authentication tokens in a world-readable file within the system's temporary directory /tmp on the host machine. If a token is compromised, an...
Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...
EUVD-2000-0457
Malware in sbrugna...
EUVD-2000-1112
Malware in sbrugna...
EUVD-2019-0071
Malware in sbrugna...