19 matches found
MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0 The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...
(0Day) Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain...
EUVD-2021-1091
Malware in sbrugna...
EUVD-2025-24151
Malicious code in bioql PyPI...
CVE-2025-10644
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-10644 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the ybbackup logs...
CVE-2025-8864
CVE-2025-8864 affects YugabyteDB: a Shared Access Signature (SAS) token is exposed in backup config responses and in yb_backup logs. The issue impacts confidentiality and is rated CVSS v4.0 (MEDIUM, Base 6.8) with ADJACENT attack vector, HIGH privileges required, no user interaction. Affected com...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the ybbackup logs...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the ybbackup logs...
YugabyteDB 安全漏洞
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from the exposure of shared access signature tokens in backup configuration responses and ybbackup logs...
PT-2025-32546 · Yb Backup · Yb Backup
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A Shared Access Signature token is not masked in the backup configuration response and is exposed in the yb backup logs. Recommendations: At the moment, there is no information about a newer versio...
CVE-2019-19316
When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...
PT-2024-16795 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0 YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0 YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0 YugabyteDB versions prior to D37715 Description: An information disclosur...
YugabyteDB 日志信息泄露漏洞
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from SAS tokens not being masked in the configuration response. This leads to an information disclosure vulnerability...
PT-2024-34162 · Unknown · Icg.Aspnetcore.Utilities.Cloudstorage
Name of the Vulnerable Software and Affected Versions: ICG.AspNetCore.Utilities.CloudStorage versions prior to 8.0.0 Description: The issue affects users of the ICG.AspNetCore.Utilities.CloudStorage library who set a duration for a SAS Uri with a value other than 1 hour, potentially resulting in ...
Microsoft Azure Sphere Information Disclosure Vulnerability
Azure Sphere is a secure, advanced application platform with built-in communications and security features for connected devices. An information disclosure vulnerability exists in Microsoft Azure Sphere versions prior to 20.07. An attacker could exploit the vulnerability to obtain resource IDs, S...
CVE-2019-19316
When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...
PT-2019-15807 · Hashicorp +1 · Terraform +1
Name of the Vulnerable Software and Affected Versions: Terraform versions prior to 0.12.17 Description: The issue concerns the transmission of sensitive data in cleartext HTTP when using the Azure backend with a shared access signature SAS in Terraform. This affects the...