CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
CVE-2025-52493
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...
PT-2025-50352
Name of the Vulnerable Software and Affected Versions: PagerDuty Runbook versions through 2025-06-12. Description: PagerDuty Runbook through 2025-06-12 has an issue where stored secrets are exposed directly in the webpage Document Object Model (DOM) at the configuration page. While these secrets are...
CVE-2025-52493
PagerDuty Runbook (through 2025-06-12) stores secret values in the configuration page DOM. Although fields appear masked, secrets are present in the page source and can be revealed by changing input type from password to text via browser dev tools. Exploitation is described as possible by adminis...
EUVD-2012-5979
Malware in sbrugna...
CVE-2012-6111
gnome-keyring does not discard stored secrets when using the gnome_keyring_lock_all_sync function...
MAL-2024-11049 Malicious code in linencloth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 999ba2244ac8c4672c2eb7c235f23d6b1274cb293a3a8596b0f4d98670459dbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10989 Malicious code in n-http-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13801d43d60af89b56b44fb645f8cd6e571abf340332c2d4031b29aab946043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Uninitialized Memory Exposure
Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Uninitialized Memory Exposure which allows authenticated users with audit log access to see sensitive unencrypted stored values set via the airflo...
MAL-2024-9203 Malicious code in videojs-sneakpeek (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50ede982076cae3541cce714f8770049de3c4cea94a0049eb7ed6e2273852255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8765 Malicious code in georiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d9c64935e25585e8125dd120e9a9a02cc1c5bb8849fc4a20c0fc8992331726 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8511 Malicious code in @diotoborg/optio-tempora-impedit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86376a05b7a8c1a19bdbf7d43882b4fde07bb64f0f80ba8087abce3197ae2ee8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7957 Malicious code in free-bets-list (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdf275b904e56648f3ac4145f510b98a807f68dc450526d67445bd9884373240 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7196 Malicious code in @zitterorg/eos-beatae-aliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5752bab5f01b2428fb90c9b2bba20e62080655a0a8eec50fbae275e5fea2bab7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1406 Malicious code in @juiggitea/amet-beatae-voluptatum-cum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018bdb0bbe62400a03d4b073b8822218185c13453cff98fb6343d9e931958537 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1347 Malicious code in ping-bot-reduction (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 605a96bff0b39813fe902ed7de4bfe3bf228835641c9d030cbec0a2a8b4f676b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-165 Malicious code in distube-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06ac3f289f159fa4961391d20b8dbb4b10a0467ac4654073bcc0aa7863caf8cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-813 Malicious code in wlwz-2312-7104 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4609aade8972d623486874586f3206eb01cf8a8313f69f00ea4767663ac71d7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8774 Malicious code in unit-testing-controllers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 206ebabfab4ea20b85ed6293c085ea8a6c0c0d85a70a1616a1963ac8556cf315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...