29 matches found
MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)
Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0. The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...
zrok copy writes attacker-controlled WebDAV paths outside the destination root
Summary: Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission returns True for all HTTP methods —...
CVE-2026-35488
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission returns True for all HTTP methods —...
PT-2026-30861
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission returns True for all HTTP methods —...
CVE-2026-32398
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
(0Day) Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain...
EUVD-2021-1091
Malware in sbrugna...
EUVD-2025-24151
Malicious code in bioql PyPI...
CVE-2025-10644
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-10644 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs...
CVE-2025-8864
CVE-2025-8864 affects YugabyteDB: a Shared Access Signature (SAS) token is exposed in backup config responses and in yb_backup logs. The issue impacts confidentiality and is rated CVSS v4.0 (MEDIUM, Base 6.8) with ADJACENT attack vector, HIGH privileges required, no user interaction. Affected com...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs...
PT-2025-32546 · Yb Backup · Yb Backup
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A Shared Access Signature token is not masked in the backup configuration response and is exposed in the yb_backup logs. Recommendations: At the moment, there is no information about a newer versio...
YugabyteDB security vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from the exposure of shared access signature tokens in backup configuration responses and yb_backup logs...
CVE-2019-19316
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...
YugabyteDB log information disclosure vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from SAS tokens not being masked in the configuration response. This leads to an information disclosure vulnerability...
PT-2024-16795 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0; YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0; YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0; YugabyteDB versions prior to D37715. Description: An information disclosur...