CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53678
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53656
CVE-2025-53656 affects Jenkins ReadyAPI Functional Testing Plugin (versions 1.11 and earlier). The plugin stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, making these credentials viewable by users with Item/Extended Read...
CVE-2025-53654
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-7378 An improper input validation vulnerability was found on manipulating configuration of ADM
An improper Input Validation vulnerability allows injecting arbitrary values into the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuration file, causing the NAS to exhibit unexpected behavior. This issue affects ADM:...
CVE-2025-7101
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/installok.php of the component Configuration File Handler. The manipulation of the argument dbpass leads to code injection. It is possible to initiate the atta...
PT-2025-28924 · Jenkins · Jenkins Kryptowire Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kryptowire Plugin versions 0.2 and earlier Description: The Jenkins Kryptowire Plugin stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins...
PT-2025-28925 · Jenkins · Jenkins Sensedia Api Platform Tools Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Sensedia Api Platform Tools Plugin version 1.0 Description: The Jenkins Sensedia Api Platform Tools Plugin stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller. This...
PT-2025-28907 · Jenkins · Jenkins Statistics Gatherer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier Description: The Jenkins Statistics Gatherer Plugin does not mask the AWS Secret Key on the global configuration form and stores it unencrypted in the...
CVE-2025-0293
CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk...
CVE-2025-0293
CVE-2025-0293 describes a CRLF injection in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). A remote authenticated attacker with admin rights can write to a protected configuration file on disk via the vulnerable code paths. Affected versions are ICS < 22.7R2.8 and IPS
Ivanti Connect Secure and Ivanti Policy Secure Injection Vulnerability
Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) are both products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool. Ivanti Policy Secure is a network access control (NAC) solution. An injection vulnerability exists in Ivanti Connect Secure version...
PT-2025-28483 · Ivanti · Ivanti Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8; Ivanti Policy Secure versions prior to 22.7R1.5. Description: The issue allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk through CRLF...
GHSA-Q2WP-RJMX-X6X9 Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...
CVE-2025-3705
A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive...
CVE-2025-3263
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the get_configuration_file function in the transformers.configuration_utils module. An attacker can cause t...