14 matches found
EUVD-2007-2740
Malware in sbrugna...
EUVD-2019-8653
Malware in sbrugna...
EUVD-2016-6037
Malware in sbrugna...
EUVD-2021-0808
Malware in sbrugna...
CVE-2025-53886
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data like access and refresh tokens in...
MAL-2025-1355 Malicious code in uzx-dev (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 480bcafaaaad658c3b61f5335846df6701c8e8eda0856c45fcd0c1c55babfa1d Any computer that has this package install...
phin may include sensitive headers in subsequent requests after redirect
Impact: Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled. Patches: The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations. Workarounds: N/A...
CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
Design/Logic Flaw
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
CVE-2021-32050 Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...
Hardcoded credentials
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-cod...
CVE-2019-16150
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-cod...
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]
Fundacion Dr. Manuel Sadosky - Programa STIC Advisory http://www.fundacionsadosky.org.ar Insecure management of login credentials in PicsArt Photo Studio for Android 1. Advisory Information Title: Insecure management of login credentials in PicsArt...