CVE-2024-10031

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVE-2024-10031

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVE-2024-10031

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

Eclipse GlassFish 跨站脚本漏洞

Eclipse GlassFish is an open source application server from the Eclipse Foundation. A cross-site scripting vulnerability exists in Eclipse GlassFish version 7.0.15, which stems from the fact that modifying a configuration file could lead to a stored cross-site scripting attack...

TP-LINK Archer C50 安全漏洞

TP-LINK Archer C50 is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Archer C50 V3 180703 and earlier, V4 250117 and earlier, and V5 200407 and earlier, which stems from hard-coded credentials and could lead to configuration file decryption...

CVE-2025-32353

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials for privileged access stored in the collector.txt configuration file...

CVE-2025-32353

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials for privileged access stored in the collector.txt configuration file...

CVE-2025-32353

CVE-2025-32353 affects Kaseya Rapid Fire Tools Network Detective 2.0.16.0. The root cause is unencrypted privileged credentials stored in the collector.txt configuration file, exposing sensitive data to unauthorized access at the local level. The published metrics indicate a high impact, with loc...

PT-2025-29769 · Eclipse · Eclipse Glassfish

Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish version 7.0.15 Description: Eclipse GlassFish version 7.0.15 is susceptible to Stored Cross-site Scripting attacks. The attacks can be performed by modifying the configuration file within the underlying operating system...

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...

GHSA-P9GH-RPJW-78QG Jenkins QMetry Test Management Plugin stores unencrypted API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the storage of authentication tokens in plaintext within config.xml files on the controller. An attacker can gain unauthorized access to sensitive credentials by obtaining Item/Extended Read...

Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys

Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As ...