14 matches found
EUVD-2026-18554
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
MAL-2024-11082 Malicious code in rtn-centered-text (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c2f20177c95333172f2abb0596c37a5b6c2a294dcd40dda5a0608b6f83778b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10707 Malicious code in p-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e6020c72434d3e7647714902b693a6b7724105d815480ccd6ea906112b33e23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-623 Malicious code in wlwz-2312-5003 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7470ec0b5a5579469d69934e2e983af7eb6ec2cc212e353c1d5ae8fff2eb641 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-3927
The affected products store both public and private key that are used to sign and protect Custom Parameter Set CPS file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This iss...
CVE-2022-3907
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...
MAL-2022-5713 Malicious code in rec3t-dev-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5109 Malicious code in opstimlst (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1931c57874f4a33e47102b939b2235f5c94f75dbc2032473660d4d102f21e45b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3799 Malicious code in imagemu8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 553206ec9b55f50c3c247964d0ab30622ff141ef7cfe055c7928cacad00b38d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6347 Malicious code in suggests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb374151849da575040b6992af495cc8d7abf55f4e5ac68fcdad3b178f3e4cb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7125 Malicious code in wf_apn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f01c53fc0839183701573003861341005906ad7c0dcf0f3005a411f64dfa875f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5116 Malicious code in orangeonion.buildtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01d5d87d4e17da3a852029e3970ff209b44f9254cf8481c4a527feb52b18524a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
etcd Information Disclosure Vulnerability - Active Check
etcd is prone to an information disclosure vulnerability if no authentication is enabled. An attacker may read all stored key values which might contain sensitive information like passwords. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced...