
19174 matches found

Cvelist
added 2025/10/29 1:29 p.m., 9 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EPSS: 0.00158
Exploits: 0, References: 1

Vulnrichment
added 2025/10/29 1:29 p.m., 3 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

AI score: 6.5, EPSS: 0.00158
Exploits: 0, References: 1

Cvelist
added 2025/10/29 1:29 p.m., 9 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EPSS: 0.00179
Exploits: 0, References: 1

Vulnrichment
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

AI score: 6.4, EPSS: 0.00179
Exploits: 0, References: 1

CVE
added 2025/10/29 1:29 p.m., 17 views

CVE-2025-64143

The CVE-2025-64143 issue affects the Jenkins OpenShift Pipeline Plugin, version 1.0.57 and earlier, which stores authorization tokens unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or control‑plane access to view tokens, exposing sens...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00179
Exploits: 0, References: 2, Affected Software: 1

Microsoft CVE
added 2025/10/29 1:3 a.m., 6 views

net: nfc: nci: Add parameter validation for packet data

...

CVSS: 6.3, AI score: 7, EPSS: 0.00202
Exploits: 0

CNNVD
added 2025/10/29 12:0 a.m., 4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

CVSS: 10, AI score: 6, EPSS: 0.00317
Exploits: 0, References: 2

Positive Technologies
added 2025/10/29 12:0 a.m., 5 views

PT-2025-44293

Name of the Vulnerable Software and Affected Versions: Jenkins ByteGuard Build Actions Plugin version 1.0. Description: The Jenkins ByteGuard Build Actions Plugin version 1.0 stores API tokens unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00158
Exploits: 0, References: 7

Positive Technologies
added 2025/10/29 12:0 a.m., 6 views

PT-2025-44295

Name of the Vulnerable Software and Affected Versions: Jenkins Curseforge Publisher Plugin version 1.0. Description: The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00158
Exploits: 0, References: 6

CNNVD
added 2025/10/29 12:0 a.m., 4 views

Jenkins Azure CLI Plugin Security Vulnerability

Jenkins Azure CLI Plugin is an open source command line plugin for Jenkins. A security vulnerability exists in Jenkins Azure CLI Plugin version 0.9 and earlier, which stems from an unrestricted number of commands that can be executed on the Jenkins controller, which could lead to the execution of...

CVSS: 8.8, AI score: 7, EPSS: 0.00556
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/29 12:0 a.m., 5 views

Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)

While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...

CVSS: 9.8, AI score: 8.5, EPSS: 0.92382
Exploits: 5, References: 2

RedhatCVE
added 2025/10/28 6:52 p.m., 15 views

CVE-2025-12304

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00236
Exploits: 0, References: 1

RedhatCVE
added 2025/10/28 4:54 p.m., 4 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00327
Exploits: 1, References: 1

RedhatCVE
added 2025/10/28 3:4 p.m., 4 views

CVE-2025-12351

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS: 6.8, AI score: 6.8, EPSS: 0.0021
Exploits: 0, References: 1

CVE
added 2025/10/28 11:48 a.m., 14 views

CVE-2025-40076

The CVE-2025-40076 entry describes a Linux kernel PCI issue in the rcar-host driver where the MSI parent IRQ domain could be NULL due to how irq_domain_info is passed during a transition to msi_create_parent_irq_domain(). This could cause a NULL pointer dereference in generic_handle_domain_irq() ...

AI score: 6, EPSS: 0.0017
Exploits: 0, References: 2

OSV
added 2025/10/28 11:48 a.m., 2 views

CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nciinitreq, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...

AI score: 6.3, EPSS: 0.00202
Exploits: 0, References: 9

Positive Technologies
added 2025/10/28 12:0 a.m., 4 views

PT-2025-44225

Name of the Vulnerable Software and Affected Versions: Supermicro BMC firmware versions (affected versions not specified). Description: The Supermicro BMC firmware contains a flaw in its validation logic. An attacker can exploit this to update the system firmware with a specially crafted image...

CVSS: 7.2, AI score: 5.4, EPSS: 0.0012
Exploits: 0, References: 9

NVD
added 2025/10/27 7:16 p.m., 7 views

CVE-2025-12304

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVSS: 5.3, EPSS: 0.00236
Exploits: 0, References: 4

Vulnrichment
added 2025/10/27 6:32 p.m., 3 views

CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00461
Exploits: 1, References: 5

Cvelist
added 2025/10/27 6:32 p.m., 12 views

CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

CVSS: 6.5, EPSS: 0.00461
Exploits: 1, References: 5