CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-67643

CVE-2025-67643 affects Jenkins Redpen - Pipeline Reporter for Jira Plugin (versions 1.054.v7b_9517b_6b_202 and earlier). The vulnerability is a path traversal flaw: improper validation of the workspace directory path during artifact uploads to Jira, enabling attackers with Item/Configure permissi...

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-67637

CVE-2025-67637 affects Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier. The issue is that build authorization tokens are stored unencrypted in job config.xml on the Jenkins controller, making them viewable by users with Item/Extended Read permission or with access to the controller filesys...

CVE-2025-62109

Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through = 8.9.4...

CVE-2022-50646

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

SUSE CVE-2022-50646

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

SUSE CVE-2022-50653

In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

CVE-2025-65822

CVE-2025-65822 concerns the ESP32 SoC in the Meatmeet Pro, where JTAG is left enabled. The Red Hat/NVD/CNNVD and related entries describe that a physical attacker can connect via the JTAG port on a Meatmeet Pro device and reflash firmware with malicious code, potentially causing loss of device fu...

Jenkins Redpen - Pipeline Reporter for Jira Plugin 安全漏洞

Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and prior versions, which stems from failure to properly validate workspace directory paths, which cou...

PT-2025-50355

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description Jenkins stores build authorization tokens unencrypted in config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission, ...

CVE-2025-36017

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVE-2025-36015

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input...

CVE-2025-33111

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 (version 1.58a) exposes an unauthenticated vulnerability that allows remote attackers to download configuration backup files (lk3_settings.bin) and extract base64-encoded user and admin passwords. Root cause appears to be improper access control on backups, leadi...

EUVD-2025-202031

Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through = 8.9.4...

EUVD-2025-201917

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition...