82 matches found

RedhatCVE
added 2025/05/23 5:03 a.m. · 11 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary Python code to be executed via macros. For many users wh...

CVSS 7.8 · AI score 7.5 · EPSS 0.0039
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:10 a.m. · 4 views

CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

CVSS 5.5 · AI score 7.1 · EPSS 0.00241
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:41 a.m. · 6 views

CVE-2019-1003094

Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 6.5 · AI score 6.7 · EPSS 0.01226
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:52 a.m. · 3 views

CVE-2019-19107

The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext although hidden when displayed...

CVSS 6.2 · AI score 7.2 · EPSS 0.00216
Exploits 0 · References 1
Positive Technologies
added 2025/05/20 12:00 a.m. · 4 views

PT-2025-22125

Name of the Vulnerable Software and Affected Versions: Rapid7 AppSpider Pro versions prior to 7.5.018 Description: The issue is related to a stored cross-site scripting vulnerability in the ScanName field. Although the application prevents the inclusion of special characters within the ScanName...

CVSS 4.6 · AI score 5.7 · EPSS 0.00159
Exploits 0 · References 7
Positive Technologies
added 2025/05/08 12:00 a.m. · 5 views

PT-2025-20393 · Totolink · Totolink Nr1800X

Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6681 B20230703 Description: The issue is an authenticated stack overflow that occurs via the ssid parameter in the setWiFiBasicCfg function. This allows for potential exploitation. No information is provided...

CVSS 8.8 · AI score 6.5 · EPSS 0.0056
Exploits 1 · References 8
Github Security Blog
added 2025/04/18 8:24 p.m. · 21 views

youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

Description This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...

CVSS 7.8 · AI score 7.2 · EPSS 0.00322
Exploits 0 · References 7 · Affected Software 1
RedhatCVE
added 2025/04/04 3:39 p.m. · 32 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4.3 · AI score 7 · EPSS 0.0029
Exploits 0 · References 1
CVE
added 2025/04/02 2:59 p.m. · 66 views

CVE-2025-31728

The CVE-2025-31728 entry concerns the Jenkins AsakusaSatellite Plugin (versions ≤ 0.1.1). Affected: AsakusaSatellite API keys are displayed in the job configuration form and are not masked, enabling observation/capture by users with permissions to view job configs or access the Jenkins controller...

CVSS 5.5 · AI score 7 · EPSS 0.00266
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/04/02 12:00 a.m. · 5 views

PT-2025-14518 · Jenkins · Jenkins Asakusasatellite Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the exposure of AsakusaSatellite API keys on the job configuration form, which could allow attackers to observe and capture them. Recommendations: For...

CVSS 6.5 · AI score 5.9 · EPSS 0.00266
Exploits 0 · References 10
IBM Security Bulletins
added 2025/04/01 9:15 a.m. · 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties,...

CVSS 6.5 · AI score 6.8 · EPSS 0.01129
Exploits 0 · Affected Software 1
OSV
added 2025/02/16 12:00 a.m. · 2 views

OPENSUSE-SU-2025:14813-1 keylime-config-7.12.1-1.1 on GA media

These are all security issues fixed in the keylime-config-7.12.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 4.3 · AI score 6.9 · EPSS 0.00365
Exploits 0 · References 1
Positive Technologies
added 2024/10/09 12:00 a.m. · 5 views

PT-2024-21144 · Openfyde +1 · Openfyde +3

Name of the Vulnerable Software and Affected Versions: FydeOS for PC version 17.1 R114 FydeOS for VMware version 17.0 R114 FydeOS for You version 17.1 R114 OpenFyde version R114 Description: The issue allows attackers to gain root access without a password due to the root password being saved as ...

CVSS 9.8 · AI score 6.9 · EPSS 0.00518
Exploits 0 · References 9
CNVD
added 2024/05/16 12:00 a.m. · 6 views

Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A hidden function vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected application containing hidde...

CVSS 4.8 · AI score 6.8 · EPSS 0.00173
Exploits 0 · References 1
CVE
added 2024/01/19 9:15 p.m. · 83 views

CVE-2024-23687

CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...

CVSS 9.1 · AI score 8.7 · EPSS 0.00646
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/08/24 12:53 p.m. · 11 views

GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access

Summary: The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details: basti connect is designed to "securely connect to your...

AI score 7
Exploits 0 · References 3
Vulnrichment
added 2023/05/16 4:00 p.m. · 9 views

CVE-2023-33000

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them...

AI score 7.5 · EPSS 0.00569
Exploits 0 · References 1
Positive Technologies
added 2022/10/19 12:00 a.m. · 4 views

PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS SECRET ACCESS KEY form field is not masked, increasing the potential for attackers to observe and capture it...

CVSS 5.3 · AI score 4.9 · EPSS 0.00512
Exploits 0 · References 7
OSV
added 2022/09/21 4:15 p.m. · 5 views

CVE-2022-41226

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 9.8 · AI score 5.8 · EPSS 0.00787
Exploits 0 · References 1
Positive Technologies
added 2022/08/25 12:00 a.m. · 9 views

PT-2022-23207 · Blue Prism · Blue Prism Enterprise

Name of the Vulnerable Software and Affected Versions: Blue Prism Enterprise versions 6.0 through 7.01 Description: The issue allows a domain authenticated user to send a crafted message to the Blue Prism Server in a misconfigured environment, potentially leading to remote code execution due to...

CVSS 8.8 · AI score 8.7 · EPSS 0.01506
Exploits 0 · References 4