1243 matches found
CVE-2025-53659
CVE-2025-53659 affects the Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability arises because QMetry Automation API Keys are stored unencrypted in job config.xml files on the Jenkins controller and can be viewed by users with Item/Extended Read permission or by anyone with a...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the...
PT-2025-28911 · Jenkins · Jenkins Qmetry Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible ...
PT-2025-28952 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...
PT-2025-28923 · Jenkins · Jenkins Nouvola Divecloud Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions 1.08 and earlier Description: The Jenkins Nouvola DiveCloud Plugin does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, potentially allowing...
PT-2025-28931 · Cloudbees +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...
PT-2025-28932 · Jenkins · Jenkins Applitools Eyes Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin does not mask Applitools API keys displayed on the job configuration form. This increases the potential for attackers to observe and...
PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions prior to 1.09 Description: The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in config.xml files on the Jenkins controller. Users with...
PT-2025-28920 · Jenkins · Jenkins Vaddy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions prior to 1.2.9 Description: The Jenkins VAddy Plugin stores VAddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible to users with Item/Extended Read permission...
Jenkins plugin Applitools Eyes security vulnerability
Jenkins and Jenkins plugins are both Jenkins open source products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A Jenkins plugin is an application software plugin. A security...
PT-2025-28950 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone SZ to...
CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...
PT-2025-28802 · WordPress · Wcfm – Frontend Manager For Woocommerce +1
Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.16 Description: The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...
MAL-2025-191914 Malicious code in typing-extensions-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78c15498f688e49c1d6a8b369eae95e0e77016cd05d74f89a72fa9e845c71da5 Importing the module starts code responsible for exfiltrating crypto tokens and API keys. Package imitates typing-extensions --- Category: MALICIOUS - The...
AgentSmith Flaw in LangSmith’s Prompt Hub Exposed User API Keys, Data
A CVSS 8.8 AgentSmith flaw in LangSmith's Prompt Hub exposed AI agents to data theft and LLM manipulation. Learn how malicious AI agents could steal API keys and hijack LLM responses. Fix deployed...
CVE-2025-26521
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...
CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, A...