Kaseya RapidFire Tools Network Detective security vulnerability
Kaseya RapidFire Tools Network Detective is a network asset assessment and security scanning tool from Kaseya Corporation, USA. A security vulnerability exists in Kaseya RapidFire Tools Network Detective version 2.0.16.0, which originates from storing unencrypted credentials in configuration file...
PT-2025-29883 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions 2.0 through 2.06+ Build 151014 Description: An unauthenticated file download issue exists in the application. The application does not validate serialized input to the admin backup endpoint index.php/admin/update/sa/backup...
Zyxel NWA50AX PRO path traversal vulnerability
The Zyxel NWA50AX PRO is a wireless router from China Hopkins Zyxel. A path traversal vulnerability exists in Zyxel NWA50AX PRO 7.10 ACGE.2 and earlier versions, which stems from a path traversal in the fileupload-cgi CGI program that could lead to the deletion of configuration files...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These credentials can be viewed by users with Item/Extended Read permission or acce...
GHSA-3WGG-3J4J-3F69 Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
CVE-2025-53666
Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53662
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-33117
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
Bizerba BRAIN2 security vulnerability
Bizerba BRAIN2 is an industrial software platform from Bizerba, Germany. A security vulnerability exists in Bizerba BRAIN2 that stems from the possibility that a standard Windows user could access and decrypt database configuration files...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
conda-forge conda-smithy security vulnerability
conda-forge conda-smithy is a conda-forge open source tool for managing raw materials for Conda Forge. A security vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from a file created by the travisheaders function having too many permissions, which could lead ...
TencentOS Server 3: c-ares (TSSA-2024:0313)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0313 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-44043
Keyoti SearchUnit prior to 9.0.0 is vulnerable to Server-Side Request Forgery (SSRF) in /KeyotiSearchEngineWebCommon/SearchService.svc/GetResults and /KeyotiSearchEngineWebCommon/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory...
CVE-2025-44043
Keyoti SearchUnit (prior to 9.0.0) is affected by two CVEs: CVE-2025-44043 (SSRF) in /SearchService.svc/GetResults and /GetLocationAndContentCategories, where an attacker can specify an SMB server as indexDirectory to cause the server to read/write configuration and log files on the attacker’s ho...
The vulnerability of platform monitoring systems for events detection, threat detection, and security analytics in IBM QRadar Suite and IBM Cloud Pak for Security lies in the storage of authentication data in unencrypted form within configuration files. This allows attackers to exploit their privileges.
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to the storage of authentication data in unencrypted form within configuration files. Exploiting these vulnerabilities can all...
Python Library jupyter_core < 5.8.0 Uncontrolled Search Path
The detected version of the Python package, jupyter_core, is prior to 5.8.0. It is, therefore, affected by a vulnerability, as explained in the GHSA-33p9-3p43-82vq advisory. Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version...
CVE-2025-25022
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files...