EUVD-2025-36655

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files...

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Summary: CVE-2025-64144 affects the Jenkins ByteGuard Build Actions Plugin (version 1.0, and earlier). It stores API tokens unencrypted in job config.xml files on the Jenkins controller, enabling tokens to be viewed by users with Item/Extended Read permission or by anyone with access to the contr...

CVE-2025-12206

A flaw has been found in Kamailio 5.5. The impacted element is the function rveisconstant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...

DEBIAN-CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

UBUNTU-CVE-2025-12206

A flaw has been found in Kamailio 5.5. The impacted element is the function rveisconstant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...

UBUNTU-CVE-2025-12207

A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may...

CVE-2025-12199

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

DEBIAN-CVE-2025-12199

Bulletin has no description...

CVE-2025-12198

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

DEBIAN-CVE-2025-12198

Bulletin has no description...

CVE-2025-12200

...

CVE-2025-12199

...

EUVD-2025-36060

A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function checkservers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been mad...

CVE-2025-12199

Removed by vendor...

CVE-2025-12199

...

EUVD-2025-36061

A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parsehex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2025-12198

...

CVE-2025-12198

Removed by vendor...