545 matches found
[SECURITY] Fedora 42 Update: containers-common-0.64.2-1.fc42
This package contains common configuration files and documentation for contai ner tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from pro jects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the jsx and sx endpoints. An attacker can access and read sensitive configuration files by crafting URLs with "../" sequence that traverse directories. Remediation Upgrade...
XWiki configuration files can be accessed through the webjars API
Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/xwiki/webjars/wiki%3Axwiki/..%2F..%2F..%2F..%2F..%2FWEB-INF%2Fxwiki.cfg. The trick here is to encode the / which is decoded when parsing the URL segment, but not re-encoded when assembling...
PT-2025-35832
Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.2-milestone-2 through 16.10.6 Description The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs...
PT-2025-35120
Name of the Vulnerable Software and Affected Versions Paymenter versions prior to 1.2.11 Description Paymenter is a free and open-source webshop solution for hostings. The ticket attachments functionality allows a malicious authenticated user to upload arbitrary files. This could result in...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
Microsoft GitHub Copilot Remote Code Execution Vulnerability
GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...
PT-2025-33081 · Netop · Netop Remote Control Client
Name of the Vulnerable Software and Affected Versions: NetOp Remote Control Client version 9.5 Description: NetOp Remote Control Client version 9.5 is susceptible to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string exceeding 520 bytes, the...
CVE-2025-44652
In Netgear RAX30 V1.0.10.943, the USERLIMITGLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected...
CVE-2025-53662
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53668
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
GHSA-2G8W-9933-36VR Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-45HR-8GQ6-7F7F Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text
Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53663
Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...