4648 matches found
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
UBUNTU-CVE-2025-1550
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
Nintex Automation Security Vulnerability
Nintex Automation is a workflow automation software from Nintex. A security vulnerability exists in Nintex Automation versions prior to 5.8, which originates from a configuration file in the K2 SmartForms Designer folder that contains a password that can be read by an unauthorized user...
CVE-2025-2120 Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It ...
CVE-2025-2120
Thinkware Car Dashcam F800 Pro (up to 20250226) is affected by CVE-2025-2120 via the Configuration File Handler, where processing of /tmp/hostapd.conf leads to cleartext storage on disk. Root cause: cleartext storage of sensitive data. Attacker can exploit on the physical device; exploit disclose...
SUSE CVE-2020-5253
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0...
OESA-2025-1243 libcap security update
This is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fixes: The PAM module pam_cap.so of libcap configuration supports group names starting with "@"; during actual parsing, configurations not starting with "@" are incorrectly recognized as group names...
CVE-2025-27685
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001...
CVE-2025-27623
A flaw was found in Jenkins. Affected versions of Jenkins do not redact encrypted values of secrets when accessing the config.xml of views via REST API or CLI. This flaw allows attackers with view/read permission to view encrypted values of secrets...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2025-27685
Vulnerability CVE-2025-27685 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 1.0.735, Application 20.0.1330. The issue arises from a configuration file that contains a CA certificate and a private key (V-2022-001). Public references in the connected sources corroborat...
Linux Distros Unpatched Vulnerability : CVE-2022-24891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a...
Linux Distros Unpatched Vulnerability : CVE-2024-12798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker t...
Vasion Print Security Vulnerability
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from a configuration file containing a CA and private key...
Security Bulletin: Vulnerability in logback affects IBM Storage Insights
Summary: logback is vulnerable to forging requests and arbitrary code execution. These vulnerabilities affect IBM Storage Insights. Vulnerability Details: CVEID: CVE-2024-12801. DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 ...