10 matches found
RHCOS 4 : OpenShift Container Platform 4.6.8 (RHSA-2020:5260)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5260 advisory. - kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider CVE-2020-8563 Note that Nessus has not tested for this issu...
Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks
How secure are top private AI companies? Find out from our scans and disclosures...
EUVD-2025-17428
Malicious code in bioql PyPI...
PT-2025-24401 · Red Hat · Red Hat Connectivity Link
Name of the Vulnerable Software and Affected Versions: Red Hat Connectivity Link affected versions not specified Description: The issue concerns the AuthPolicy metadata in Red Hat Connectivity Link, which contains an object storing secrets. However, it assumes these secrets are already in the...
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk...
PT-2024-29278 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 2.7.0 Description: The issue allows attackers to create malicious workflows that can lead to host takeover or secret leaks. This is possible because the server allows any user to trigger a pipeline run, and those...
Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures CVEs often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and...
Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures CVEs often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection , which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...
DumpsterDiver - Tool To Search Secrets In Various Filetypes
DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...