EUVD-2022-4852

Malicious code in bioql PyPI...

EUVD-2022-5766

Malicious code in bioql PyPI...

EUVD-2022-4831

Malicious code in bioql PyPI...

EUVD-2022-2174

Malicious code in bioql PyPI...

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5...

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...

PT-2025-29877

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C50 versions = 180703 TP-Link Archer C50 versions = 250117 TP-Link Archer C50 versions = 200407 Description: The use of hard-coded credentials allows attackers to decrypt config.xml files. Recommendations: TP-Link Archer C50...

Insufficiently Protected Credentials

Overview org.jenkins-ci.plugins:ifttt-build-notifier is a Simple Jenkins Build Status Notifier for IFTTT Maker Channel Trigger. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the storage of sensitive keys in config.xml files. An attacker can gain...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to storing authentication tokens unencrypted in config.xml files on the controller. An attacker can obtain sensitive authentication tokens by gaining Item/Extended Read permission or accessing th...

Cleartext Storage of Sensitive Information

Overview org.jenkins-ci.plugins:soapui-pro-functional-testing is a plugin used to run SoapUI Pro tests from Jenkins builds. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the storage of sensitive information such as SLM License Access Keys,...

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure via the storage of sensitive Qmetry Automation API Keys in plaintext within config.xml files. An attacker can obtain confidential credentials by gaining Item/Extended Read permission or accessing the Jenkins controll...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the storage of sensitive authentication keys in plaintext within config.xml files. An attacker can obtain confidential credentials by gaining Item/Extended Read permission or direct acce...

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of credentials in config.xml files. An attacker can obtain sensitive information by accessing these files either through the Jenkins controller file system or by having Item/Extended Read permission...

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53666

Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53656

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...

CVE-2025-53662

Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53662

The CVE-2025-53662 issue affects Jenkins IFTTT Build Notifier Plugin versions 1.2 and earlier, where IFTTT Maker Channel Keys are stored unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission or access to the controller filesystem to vi...

PT-2025-28931 · Cloudbees +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...

PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...