Radiometrics VizAir 访问控制错误漏洞

Radiometrics VizAir is a weather monitoring and warning system from Radiometrics, Inc. An access control error vulnerability exists in Radiometrics VizAir that stems from the lack of an authentication mechanism for critical functionality, which could allow an unauthenticated attacker to modify...

MantisBT 授权问题漏洞

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

CVE-2025-54471

The CVE-2025-54471 entry concerns NeuVector where a hard-coded cryptographic key was embedded in the source and replaced at compile time, then used to encrypt sensitive configurations stored by NeuVector. Affected data and configurations could be exposed due to the improper key handling. The prov...

CVE-2025-54471 NeuVector is shipping cryptographic material into its binary

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

CVE-2025-54471 NeuVector is shipping cryptographic material into its binary

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.2, which stems from mishandling of...

Cleartext Transmission of Sensitive Information

Overview org.jenkins-ci.plugins:curseforge-publisher is a This plugin allows users to upload build artifacts to CurseForge as mod releases. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within...

EUVD-2025-36654

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

CVE-2025-41090

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

Jenkins plugin MCP Server 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

CVE-2025-41090

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

CVE-2025-41090

CVE-2025-41090 concerns microCLAUDIA, affecting version 3.2.0 and older. The issue is an improper access-control vulnerability that allows an authenticated user to perform actions on other organizations’ systems by issuing direct API requests, using organization identifiers obtained from a compro...

CVE-2025-41090 Improper Access Control in CCN-CERT microCLAUDIA

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

CVE-2025-41090 Improper Access Control in CCN-CERT microCLAUDIA

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...