108 matches found
CVE-2025-11065 vulnerabilities
Vulnerabilities for packages: kyverno-fips, rancher-security-scan, ratify-fips, boring-registry-fips, mattermost-fips, crossplane-fips, gitlab-cng-fips, k9s-fips, grafana-fips, zitadel, beats-fips, datadog-agent, grafana-mimir-fips, pluto-fips, neuvector-sigstore-interface-fips, elastic-agent-fip...
GHSA-FRHW-MQJ2-WXW2 vulnerabilities
Vulnerabilities for packages: stern, glow, kube-vip-cloud-provider, timescaledb-tune, secrets-store-csi-driver-provider-gcp, xcover, portieris, smokescreen, docker-credential-ecr-login, kubernetes-csi-driver-nfs, prometheus-blackbox-exporter, smarter-device-manager, kaf, terraform-provider-time,...
Malicious code in haedal-vaults-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4cdc575f935d62b37b17082181381a8002b5784fedda1dfc854ef2f74f39edf6 The OpenSSF Package Analysis project identified 'haedal-vaults-sdk' @ 1.6.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-48948 Malicious code in haedal-vaults-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4cdc575f935d62b37b17082181381a8002b5784fedda1dfc854ef2f74f39edf6 The OpenSSF Package Analysis project identified 'haedal-vaults-sdk' @ 1.6.0 npm as malicious. It is considered malicious because: - The package...
Information Disclosure
sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...
EUVD-2023-33890
Malicious code in bioql PyPI...
EUVD-2025-16378
Malicious code in bioql PyPI...
EUVD-2022-4934
Malicious code in bioql PyPI...
EUVD-2023-33930
Malicious code in bioql PyPI...
EUVD-2025-6156
Malicious code in bioql PyPI...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: php-fpmexporter, gitsign, shfmt, cloud-provider-aws, git-lfs, kserve-rest-proxy, kube-vip, vexctl, grafana-operator, kube-vip-cloud-provider, lvm-driver, gostatsd, kuberay-operator, dagdotdev, local-path-provisioner, newrelic-fluent-bit-output, confluent-common-docke...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: php-fpmexporter, gitsign, shfmt, cloud-provider-aws, git-lfs, kserve-rest-proxy, kube-vip, vexctl, grafana-operator, kube-vip-cloud-provider, lvm-driver, gostatsd, kuberay-operator, dagdotdev, local-path-provisioner, newrelic-fluent-bit-output, confluent-common-docke...
Obsidian Plugin Persistence
This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...
Malicious code in noya-vaults (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c04ef9aa2ad40a3e1dacb5babc831a84e76560f5eddec262e912da4087187a49 The OpenSSF Package Analysis project identified 'noya-vaults' @ 1.0.1...
MAL-2025-6005 Malicious code in noya-vaults (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c04ef9aa2ad40a3e1dacb5babc831a84e76560f5eddec262e912da4087187a49 The OpenSSF Package Analysis project identified 'noya-vaults' @ 1.0.1...
Rugsafe: a Multichain Protocol for Recovering from and Defending against Rug Pulls
Rugsafe introduces a comprehensive protocol aimed at mitigating the risks of rug pulls in the cryptocurrency ecosystem. By utilizing cryptographic security measures and economic incentives, the protocol provides a secure multichain system for recovering assets and transforming rugged tokens into...
Devolutions Remote Desktop Manager < 2025.1.37.0 Data Exposure (DEVO-2025-0009)
The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2025.1.37.0 or prior and is, therefore, affected by a private information exposure vulnerability. This could allow an authenticated user to gain unauthorized access to private personal information. Under...
CVE-2025-5334
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from us...
CVE-2025-5334
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from us...
CVE-2025-5334
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from us...