CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-55012 Zed AI Agent Remote Code Execution
Zed is a multiplayer code editor. Prior to version 0.197.3, the Zed Agent Panel allowed an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...
CVE-2025-8763
A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing...
CVE-2025-8763
CVE-2025-8763 concerns Ruijie EG306MG 3.0(1)B11P309 where the strongSwan component processes the /etc/strongswan.conf file. The root cause is manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk, leading to missing encryption of sensitive data. The vulnerability can...
Wanzhou WOES Intelligent Optimization Energy Saving System Injection Vulnerability
Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which is caused by an incorrect...
The vulnerability of the smb.conf configuration file (/etc-ro/smb.conf) of the Tenda AC18 router-based Samba server allows a hacker to bypass existing security restrictions and gain unauthorized access to protected information.
The vulnerability of the smb.conf configuration file /etc-ro/smb.conf of the Tenda AC18 router-based Samba server is related to weak password requirements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to protected...
CVE-2014-125116
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
CLSA-2025-1753376162 graphviz: Fix of CVE-2023-46045
CVE-2023-46045: fix out-of-bounds read via crafted config6a file...
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the storage of keys in an open manner, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers lies in the fact that keys are stored in an open manner within the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected...
CVE-2025-7360
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handlefilesupload function in all versions up to, and including, 2.2.1. This makes it possible for...
Grub2: net: out-of-bounds write in grub_net_search_config_file()
...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins automation server lies in the fact that API keys from Qmetry Automation are stored publicly in the config.xml file. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins server relates to the storage of Qmetry Automation API keys in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the ReadyAPI Functional Testing plugin for Jenkins servers lies in the storage of registration data in an open manner, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the ReadyAPI Functional Testing plugin for the Jenkins automation server lies in the way registration data is stored in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2025-41665
A low-privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file...
Missing Encryption of Sensitive Data
Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the storage of tokens in plain text within config.xml files. An attacker can gain unauthorized access to sensitive token information by obtaining Item/Extended Read permission or accessing the...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of sensitive data in config.xml files on the controller. An attacker can obtain confidential API keys and encryption keys by gaining Item/Extended Read permission or accessing the controller file syste...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53664
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...