Lucene search
+L

191 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41882

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References3
Vaadin
Vaadin
added 2026/05/19 12:0 a.m.21 views

Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A security vulnerability in the Vaadin Maven plugin and Vaadin Gradle plugin exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. See CWE-209 Generation of Error Message Containing Sensitive Information Description A possibl...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References1Affected Software4
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.15 views

CVE-2023-40340

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...

7.5CVSS6.7AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.11 views

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...

6.5CVSS6.8AI score0.00959EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0614

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00959EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4204

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0101EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2191

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2023-1976

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00862EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2271

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.01058EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7372

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00602EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7371

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00531EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2390

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00521EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2144

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00676EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-12534

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00879EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1841

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00651EPSS
Exploits0References4
Snyk
Snyk
added 2025/07/09 6:30 p.m.5 views

Logging of Excessive Data

Overview org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...

6.3CVSS6.5AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 6:30 p.m.8 views

GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...

5.3CVSS6AI score0.00321EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3CVSS6.8AI score0.00413EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...

7.3CVSS7.1AI score0.00321EPSS
Exploits0References2
CVE
CVE
added 2025/07/09 3:39 p.m.30 views

CVE-2025-53651

CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...

6.3CVSS6.2AI score0.00413EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder