4651 matches found
CVE-2025-32353
CVE-2025-32353 affects Kaseya Rapid Fire Tools Network Detective 2.0.16.0. The root cause is unencrypted privileged credentials stored in the collector.txt configuration file, exposing sensitive data to unauthorized access at the local level. The published metrics indicate a high impact, with loc...
PT-2025-29769 · Eclipse · Eclipse Glassfish
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish version 7.0.15 Description: Eclipse GlassFish version 7.0.15 is susceptible to Stored Cross-site Scripting attacks. The attacks can be performed by modifying the configuration file within the underlying operating system...
CVE-2025-6265
A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...
CVE-2025-6265
A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...
CVE-2025-6265
A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...
CVE-2025-6265
A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...
CVE-2025-53673
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server, related to the storage of the AWS secret key in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server relates to the storage of the AWS secret key in an unencrypted form within the configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml. Exploiting this vulnerability could allow a...
The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server, related to the storage of the AWS secret key in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server relates to the storage of the AWS secret key in an unencrypted form within the configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml. Exploiting this vulnerability could allow a...
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...
GHSA-P9GH-RPJW-78QG Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the storage of authentication tokens in plaintext within config.xml files on the controller. An attacker can gain unauthorized access to sensitive credentials by obtaining Item/Extended Read...
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As ...
GHSA-26X3-7JW5-7MG4 Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...
GHSA-CVG7-767R-W3FQ Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...
GHSA-3C9F-C64M-H4WC Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.plugins:aqua-security-scanner is a Jenkins plugin for calling the Aqua API to scan a Docker image Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the storage of Scanner Tokens for Aqua API in config.xml files on the...