
1270 matches found

Vulnrichment
added 2025/07/09 3:39 p.m. · 4 views

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

AI score 6.3 · EPSS 0.00203
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/09 3:39 p.m. · 3 views

CVE-2025-53661

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

AI score 7 · EPSS 0.00222
Exploits: 0 · References: 1

CVE
added 2025/07/09 3:39 p.m. · 26 views

CVE-2025-53661

CVE-2025-53661 affects Jenkins’ Testsigma Test Plan run Plugin (versions 1.6 and earlier). The vulnerability arises because the plugin does not mask Testsigma API keys that are displayed on the job configuration form, creating a real risk that attackers can observe or capture these keys. The issu...

CVSS 4.3 · AI score 6.5 · EPSS 0.00222
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2025/07/09 3:39 p.m. · 24 views

CVE-2025-53660

CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00226
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/07/09 3:39 p.m. · 3 views

CVE-2025-53659

Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

AI score 7 · EPSS 0.00201
Exploits: 0 · References: 1

CVE
added 2025/07/09 3:39 p.m. · 20 views

CVE-2025-53659

CVE-2025-53659 affects the Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability arises because QMetry Automation API Keys are stored unencrypted in job config.xml files on the Jenkins controller and can be viewed by users with Item/Extended Read permission or by anyone with a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00201
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/07/09 3:39 p.m. · 9 views

CVE-2025-53659

Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00201
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/09 12:00 a.m. · 2 views

PT-2025-28932 · Jenkins · Jenkins Applitools Eyes Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin does not mask Applitools API keys displayed on the job configuration form. This increases the potential for attackers to observe and...

CVSS 5.3 · AI score 6.2 · EPSS 0.00252
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/09 12:00 a.m. · 1 views

PT-2025-28920 · Jenkins · Jenkins Vaddy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions prior to 1.2.9 Description: The Jenkins VAddy Plugin stores VAddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible to users with Item/Extended Read permission...

CVSS 6.8 · AI score 6.1 · EPSS 0.00203
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/09 12:00 a.m. · 3 views

PT-2025-28923 · Jenkins · Jenkins Nouvola Divecloud Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions 1.08 and earlier Description: The Jenkins Nouvola DiveCloud Plugin does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, potentially allowing...

CVSS 6.8 · AI score 6.2 · EPSS 0.00175
Exploits: 0 · References: 6

CNNVD
added 2025/07/09 12:00 a.m. · 1 views

Jenkins plugin Applitools Eyes Security Vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 6.5 · AI score 6.1 · EPSS 0.00197
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/09 12:00 a.m. · 3 views

PT-2025-28931 · Cloudbees +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...

CVSS 6.8 · AI score 6.1 · EPSS 0.00197
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/09 12:00 a.m. · 9 views

PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions prior to 1.09 Description: The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in config.xml files on the Jenkins controller. Users with...

CVSS 6.8 · AI score 6.1 · EPSS 0.0013
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/09 12:00 a.m. · 6 views

PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the...

CVSS 4.3 · AI score 5.7 · EPSS 0.00226
Exploits: 0 · References: 8

Positive Technologies
added 2025/07/09 12:00 a.m. · 3 views

PT-2025-28950 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone SZ to...

CVSS 8.8 · AI score 9.3 · EPSS 0.01818
Exploits: 0 · References: 9

Positive Technologies
added 2025/07/09 12:00 a.m. · 3 views

PT-2025-28952 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...

CVSS 5 · AI score 8.7 · EPSS 0.00693
Exploits: 0 · References: 8

Positive Technologies
added 2025/07/09 12:00 a.m. · 1 views

PT-2025-28911 · Jenkins · Jenkins Qmetry Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible ...

CVSS 6.8 · AI score 5.9 · EPSS 0.00201
Exploits: 0 · References: 8

Cvelist
added 2025/07/08 11:22 p.m. · 8 views

CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...

CVSS 6.5 · EPSS 0.00247
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/08 12:00 a.m. · 2 views

PT-2025-28802 · WordPress · Wcfm – Frontend Manager For Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.16 Description: The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...

CVSS 6.5 · AI score 6.4 · EPSS 0.00247
Exploits: 0 · References: 7

OSV
added 2025/06/28 2:24 p.m. · 5 views

MAL-2025-191914 Malicious code in typing-extensions-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78c15498f688e49c1d6a8b369eae95e0e77016cd05d74f89a72fa9e845c71da5 Importing the module starts code responsible for exfiltrating crypto tokens and API keys. Package imitates typing-extensions --- Category: MALICIOUS - The...

AI score 7.1
Exploits: 0 · References: 1