CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4598 matches found

Snyk•added 2025/10/29 3:31 p.m.•1 views

Cleartext Transmission of Sensitive Information

Overview org.jenkins-ci.plugins:curseforge-publisher is a This plugin allows users to upload build artifacts to CurseForge as mod releases. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within...

5.3CVSS6.8AI score0.0003EPSS

Exploits0References2

Github Security Blog•added 2025/10/29 3:31 p.m.•10 views

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

4.3CVSS6.7AI score0.0003EPSS

Exploits0References4Affected Software1

Snyk•added 2025/10/29 3:31 p.m.•5 views

Cleartext Transmission of Sensitive Information

Overview io.jenkins.plugins:byteguard-build-actions is a ByteGuard adds a human verification step to your most consequential scripts. We use a mechanism similar to multifactor authentication for soliciting approval from team members before a function executes. This functionality can be used to...

5.3CVSS6.6AI score0.00019EPSS

Exploits0References2

CVE•added 2025/10/29 1:29 p.m.•10 views

CVE-2025-64146

CVE-2025-64146 affects the Jenkins Curseforge Publisher Plugin (version 1.0) and older, where API keys are stored unencrypted in job config.xml on the Jenkins controller. This configuration data can be viewed by users with Item/Extended Read permission or by anyone with access to the Jenkins cont...

4.3CVSS6.5AI score0.0003EPSS

Exploits0References2Affected Software1

Gitee•added 2025/10/28 5:17 p.m.•126 views

nuclei_poc

This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...

8AI score

Exploits0

RedhatCVE•added 2025/10/28 2:38 a.m.•3 views

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

7.8CVSS4.9AI score0.00021EPSS

Exploits1References1

Cvelist•added 2025/10/28 12:0 a.m.•16 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

0.00049EPSS

Exploits0References4

Tenable Nessus•added 2025/10/28 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-12207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such...

5.5CVSS5.2AI score0.00031EPSS

Exploits1References3

RedhatCVE•added 2025/10/27 7:26 a.m.•2 views

CVE-2025-12200

No description is available for this CVE. Mitigation No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...

4.1AI score0.00012EPSS

Exploits0References7

OSV•added 2025/10/27 3:15 a.m.•2 views

CVE-2025-12205

7.8CVSS5AI score

Exploits0References8

NVD•added 2025/10/27 3:15 a.m.•4 views

CVE-2025-12205

7.8CVSS0.00021EPSS

Exploits1References8

OSV•added 2025/10/27 3:15 a.m.•3 views

DEBIAN-CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

7.8CVSS5.5AI score0.00008EPSS

Exploits1References1

NVD•added 2025/10/27 3:15 a.m.•3 views

CVE-2025-12204

7.8CVSS0.00008EPSS

Exploits1References8

OSV•added 2025/10/27 3:15 a.m.•1 views

UBUNTU-CVE-2025-12205

7.8CVSS5.4AI score0.00021EPSS

Exploits1References6

CVE•added 2025/10/27 2:32 a.m.•13 views

CVE-2025-12205

Kamailio 5.5 is affected by a vulnerability in the function sr_push_yy_state (src/core/cfg.lex) that causes use-after-free. The issue requires local access to exploit. Public exploit exists, but the real-world existence of the vulnerability has been doubted in the sources. Connected advisories (R...

7.8CVSS4.8AI score0.00021EPSS

Exploits1References8Affected Software1