545 matches found

Fedora · added 2025/09/10 12:53 a.m. · 3 views

[SECURITY] Fedora 42 Update: containers-common-0.64.2-1.fc42

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag...

CVSS 8.1 · AI score 7.1 · EPSS 0.01008 · Exploits 0
Snyk · added 2025/09/03 8:41 p.m. · 6 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the jsx and sx endpoints. An attacker can access and read sensitive configuration files by crafting URLs with "../" sequence that traverse directories. Remediation Upgrade...

CVSS 9.8 · AI score 5.8 · EPSS 0.01639 · Exploits 0 · References 2
Github Security Blog · added 2025/09/03 5:42 p.m. · 15 views

XWiki configuration files can be accessed through the webjars API

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/xwiki/webjars/wiki%3Axwiki/..%2F..%2F..%2F..%2F..%2FWEB-INF%2Fxwiki.cfg. The trick here is to encode the / which is decoded when parsing the URL segment, but not re-encoded when assembling...

CVSS 9.3 · AI score 5.7 · EPSS 0.01557 · Exploits 0 · References 5 · Affected Software 2
Positive Technologies · added 2025/09/03 12:00 a.m. · 6 views

PT-2025-35832

Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.2-milestone-2 through 16.10.6 Description The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs...

CVSS 9.3 · AI score 6.5 · EPSS 0.01639 · Exploits 0 · References 17
Positive Technologies · added 2025/08/28 12:00 a.m. · 4 views

PT-2025-35120

Name of the Vulnerable Software and Affected Versions Paymenter versions prior to 1.2.11 Description Paymenter is a free and open-source webshop solution for hostings. The ticket attachments functionality allows a malicious authenticated user to upload arbitrary files. This could result in...

CVSS 9.9 · AI score 6 · EPSS 0.00374 · Exploits 0 · References 12
OSV · added 2025/08/19 4:15 p.m. · 4 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3 · AI score 6 · EPSS 0.00667 · Exploits 1 · References 1
CNVD · added 2025/08/14 12:00 a.m. · 4 views

Microsoft GitHub Copilot Remote Code Execution Vulnerability

GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...

CVSS 7.8 · AI score 8.9 · EPSS 0.02559 · Exploits 2 · References 1
Positive Technologies · added 2025/08/13 12:00 a.m. · 11 views

PT-2025-33081 · Netop · Netop Remote Control Client

Name of the Vulnerable Software and Affected Versions: NetOp Remote Control Client version 9.5 Description: NetOp Remote Control Client version 9.5 is susceptible to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string exceeding 520 bytes, the...

CVSS 8.4 · AI score 7.6 · EPSS 0.004 · Exploits 0 · References 9
OSV · added 2025/07/21 6:15 p.m. · 5 views

CVE-2025-44652

In Netgear RAX30 V1.0.10.943, the USERLIMITGLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected...

CVSS 7.5 · AI score 5.8 · EPSS 0.0055 · Exploits 0 · References 3
RedhatCVE · added 2025/07/11 3:43 p.m. · 33 views

CVE-2025-53662

Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 7 · EPSS 0.00281 · Exploits 0 · References 1
RedhatCVE · added 2025/07/11 3:42 p.m. · 10 views

CVE-2025-53670

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 7 · EPSS 0.0013 · Exploits 0 · References 1
RedhatCVE · added 2025/07/11 3:42 p.m. · 15 views

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 7 · EPSS 0.00203 · Exploits 0 · References 1
RedhatCVE · added 2025/07/11 3:42 p.m. · 14 views

CVE-2025-53656

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...

CVSS 6.5 · AI score 7 · EPSS 0.00347 · Exploits 0 · References 1
OSV · added 2025/07/09 6:30 p.m. · 5 views

GHSA-2G8W-9933-36VR Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 6.6 · EPSS 0.00291 · Exploits 0 · References 4
Github Security Blog · added 2025/07/09 6:30 p.m. · 9 views

Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.9 · EPSS 0.00291 · Exploits 0 · References 4 · Affected Software 1
OSV · added 2025/07/09 6:30 p.m. · 5 views

GHSA-45HR-8GQ6-7F7F Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 6.6 · EPSS 0.0013 · Exploits 0 · References 4
Github Security Blog · added 2025/07/09 6:30 p.m. · 10 views

Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.9 · EPSS 0.00203 · Exploits 0 · References 4 · Affected Software 1
Github Security Blog · added 2025/07/09 6:30 p.m. · 11 views

Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text

Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.2 · EPSS 0.00205 · Exploits 0 · References 4 · Affected Software 1
NVD · added 2025/07/09 4:15 p.m. · 20 views

CVE-2025-53663

Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00208 · Exploits 0 · References 2
NVD · added 2025/07/09 4:15 p.m. · 7 views

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · EPSS 0.00191 · Exploits 0 · References 2