304 matches found
Missing Authorization
Overview: org.jenkins-ci.plugins:job-import-plugin is a package that imports jobs from another Jenkins instance. Affected versions of this package are vulnerable to Missing Authorization via the HTTP endpoint. An attacker can enumerate credential IDs by sending crafted requests if they have...
CVE-2026-48926
Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2026-48926
The CVE-2026-48926 entry concerns Jenkins Job Import Plugin (versions 143.v044a_2e819b_27 and earlier) where an HTTP endpoint does not enforce a permission check. The flaw enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins, indicating an authorization issue with...
PT-2026-44019
Jenkins Job Import Plugin 143.v044a 2e819b 27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Jenkins Job Import Plugin Security Vulnerability
The Jenkins Job Import Plugin is an open-source plugin for Jenkins that allows the import and migration of Jenkins tasks. The Jenkins Job Import Plugin versions 143.v044a2e819b27 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks at the HTT...
GHSA-PHP6-83FG-GW3G FlowiseAI Exposes Basic Auth Credentials via API
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Severity | Medium |
| CWE | CWE-522 Insufficiently Protected Credentials |
| Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 |
| Practical Exploitability | Medium |
| Developer Approv...
PT-2026-41205
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Severity | Medium |
| CWE | CWE-522 Insufficiently Protected Credentials |
| Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 |
| Practical Exploitability | Medium |
| Developer Approv...
EUVD-2026-20904
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...
CVE-2026-4113
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...
CVE-2026-4113
Summary: CVE-2026-4113 affects SonicWall SMA1000 series appliances. An observable response discrepancy allows a remote attacker to enumerate SSL VPN user credentials. Affected products (from connected docs): SonicWall SMA1000 series appliances (SMA 1000). Impact: Credential enumeration via rem...
SonicWALL SMA1000 Security Vulnerability
SonicWALL SMA1000 is a series of security mobile access solutions developed by the American company SonicWALL. It simplifies end-to-end secure remote access for enterprise resources across local, cloud, and hybrid data centers. There is a security vulnerability in SonicWall SMA1000, which stems...
SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities
1. CVE-2026-4112 - Privilege Escalation via SQL Injection. Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary...
PT-2026-31394
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series appliances. Description: An SQL injection flaw exists in SonicWall SMA1000 series appliances. A remote authenticated attacker with read-only administrator privileges can escalate privileges to primary administrator. The...
PT-2026-31397
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series appliances (affected versions not specified). Description: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP...
PT-2026-31395
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series appliances (affected versions not specified). Description: A remote attacker can enumerate SSL VPN user credentials due to an observable response discrepancy. Recommendations: At the moment, there is no information about a...
CVE-2026-33419
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable...