CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-32076
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
CVE-2019-1003094
Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-19107
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext although hidden when displayed...
PT-2025-22125
Name of the Vulnerable Software and Affected Versions: Rapid7 AppSpider Pro versions prior to 7.5.018 Description: The issue is related to a stored cross-site scripting vulnerability in the ScanName field. Although the application prevents the inclusion of special characters within the ScanName...
PT-2025-20393 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6681 B20230703 Description: The issue is an authenticated stack overflow that occurs via the ssid parameter in the setWiFiBasicCfg function. This allows for potential exploitation. No information is provided...
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
Description This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31728
The CVE-2025-31728 entry concerns the Jenkins AsakusaSatellite Plugin (versions ≤ 0.1.1). Affected: AsakusaSatellite API keys are displayed in the job configuration form and are not masked, enabling observation/capture by users with permissions to view job configs or access the Jenkins controller...
PT-2025-14518 · Jenkins · Jenkins Asakusasatellite Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the exposure of AsakusaSatellite API keys on the job configuration form, which could allow attackers to observe and capture them. Recommendations: For...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties,...
OPENSUSE-SU-2025:14813-1 keylime-config-7.12.1-1.1 on GA media
These are all security issues fixed in the keylime-config-7.12.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-21144 · Openfyde +1 · Openfyde +3
Name of the Vulnerable Software and Affected Versions: FydeOS for PC version 17.1 R114 FydeOS for VMware version 17.0 R114 FydeOS for You version 17.1 R114 OpenFyde version R114 Description: The issue allows attackers to gain root access without a password due to the root password being saved as ...
Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A hidden function vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected application containing hidde...
CVE-2024-23687
CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...
GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access
Summary The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details basti connect is designed to "securely connect to your...
CVE-2023-33000
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them...
PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS SECRET ACCESS KEY form field is not masked, increasing the potential for attackers to observe and capture it...
CVE-2022-41226
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2022-23207 · Blue Prism · Blue Prism Enterprise
Name of the Vulnerable Software and Affected Versions: Blue Prism Enterprise versions 6.0 through 7.01 Description: The issue allows a domain authenticated user to send a crafted message to the Blue Prism Server in a misconfigured environment, potentially leading to remote code execution due to...