24 matches found
EUVD-2021-0239
Malware in sbrugna...
EUVD-2015-1007
Malware in sbrugna...
EUVD-2024-16250
Malicious code in bioql PyPI...
CVE-2025-54380
CVE-2025-54380 affects Opencast before version 17.6. The issue arises when fetching mediapackage elements from a MediaPackage XML file, causing Opencast to disclose hashed global system account credentials (org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) to a...
Linux Distros Unpatched Vulnerability : CVE-2022-24809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malforme...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single-user mode) could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
Cross site request forgery (csrf)
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single-user mode) could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455
CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...
CVE-2019-10200
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...
CVE-2019-10200
CVE-2019-10200 affects OpenShift Container Platform 4. By default, users who can create pods may schedule workloads on master nodes. If such pods use hostNetwork on a master node, they can retrieve credentials for the master AWS IAM role, potentially granting management access to AWS resources an...
Unauthorized Access
github.com/openshift/cluster-kube-apiserver-operator allows unauthorized access. Users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master...
CVE-2019-10347
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...
Millions of Oklahoma Gov Files Exposed by Wide-Open Server
Millions of sensitive files on a storage server belonging to the Oklahoma Department of Securities were left exposed for a week – including credentials, internal docs and personal data stretching back decades. Researchers at UpGuard who discovered the data leak said that the publicly accessible...
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209)
Summary: IBM DB2 contains a denial of service vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. Vulnerability Details: CVE-ID: CVE-2014-6209. DESCRIPTION: IBM DB2 contains a denial of service vulnerability. A remote, authenticated DB...
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210)
Summary: IBM DB2 contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. Vulnerability Details: CVE ID: CVE-2014-6210. DESCRIPTION: IBM DB2 contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this...
[SECURITY] Fedora 26 Update: myproxy-6.1.28-1.fc26
MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users ru...
UBUNTU-CVE-2014-5247
The UpgradeBeforeConfigurationChange function in lib/client/gntcluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information...