443 matches found
EUVD-2014-7956
Malicious code in bioql PyPI...
EUVD-2025-7072
Malicious code in bioql PyPI...
EUVD-2022-38748
Malicious code in bioql PyPI...
EUVD-2024-45835
Malicious code in bioql PyPI...
EUVD-2024-24440
Malicious code in bioql PyPI...
EUVD-2024-23018
Malicious code in bioql PyPI...
EUVD-2022-1569
Malicious code in bioql PyPI...
EUVD-2023-45781
Malicious code in bioql PyPI...
PT-2025-38760
Name of the Vulnerable Software and Affected Versions Creacast Creabox Manager version 4.4.4 Description A critical Remote Code Execution issue exists in Creacast Creabox Manager version 4.4.4. An authenticated attacker can inject arbitrary Lua code into the configuration through the edit.php...
CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...
CVE-2025-55740
CVE-2025-55740 affects nginx-defender, a WAF/threat-detection system. The vulnerability is a configuration flaw where default credentials in example files (config.yaml and docker-compose.yml) are left unchanged (default_password: change_me_please; GF_SECURITY_ADMIN_PASSWORD=admin123). If exposed ...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Belkin F9K1122 Command Injection Vulnerability (CNVD-2025-20834)
The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a command injection vulnerability that originates from a misbehavior of the parameters mwanipaddr/mwannetmask/mwangateway/mwanstaticdns1/mwanstaticdns2 in the file /goform/formSetWanStatic. can be...
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53743
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53667
Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53677
CVE-2025-53677 affects Jenkins Xooa Plugin versions 0.0.7 and earlier. The token is not masked on the global configuration form, enabling potential observation/capture of the Xooa Deployment Token by users with access to the Jenkins controller/file system. Remediation: update to a newer plugin ve...
CVE-2025-43932
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...
PT-2025-28906 · Jenkins · Jenkins Statistics Gatherer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier Description: The Jenkins Statistics Gatherer Plugin stores the AWS Secret Key unencrypted in its global configuration file...
CVE-2025-43932
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...