5 matches found
wrong STARTTLS connection reuse
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...
EUVD-2025-122240
Malicious code in sass-loader-quasar-transport-upgrade npm...
EUVD-2025-121124
Malicious code in transport-upgrade-google-package npm...
MAL-2025-147682 Malicious code in sass-loader-quasar-transport-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f20c0ab48c9f324f56d5d61c41b6df53b2f9637aa4732f761ac74b9eda2b6ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the rest.AnonymousClientConfig method that does not effectively clear service account credentials loaded using rest.InClusterConfig. An attacker can gain...