SUSE CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

DEBIAN-CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

n8n Expression Injection RCE Analysis CVE-2025-68613 This r...

RUSTSEC-2026-0102 `microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

EUVD-2012-6001

Malware in sbrugna...

EUVD-2022-0609

Malicious code in bioql PyPI...

PT-2025-30105 · Npm · @Cloudflare/Vite-Plugin

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVE-2024-39459

A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...

GHSA-3CPQ-RW36-CPPV Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b97b9dcb8 and earlier stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system global credentials or with...

CVE-2024-39459

In Jenkins, the Plain Credentials Plugin (versions 182.v468b_97b_9dcb_8 and earlier) can store secret file credentials unencrypted (Base64 only) on the Jenkins controller filesystem. This allows users with access to the controller filesystem or with Item/Extended Read permissions to view those cr...

CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

PYSEC-2023-71

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

Design/Logic Flaw

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

Planet's secret file is created with excessive permissions

Impact The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well. Validation Check the permissions on the secret file with ls -l /.planet.json and ensure th...

GHSA-J5FJ-RFH6-QJ85 Planet's secret file is created with excessive permissions

Impact The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well. Validation Check the permissions on the secret file with ls -l /.planet.json and ensure th...