58 matches found

Cvelist
added yesterday · 7 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

Exploits: 0 · References: 1
EUVD
added yesterday · 6 views

EUVD-2026-38767

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2026/05/22 1:15 p.m. · 8 views

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5 CVSS · 5.8 AI score · 0.00216 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/05/22 1:15 p.m. · 26 views

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5 CVSS · 0.00216 EPSS
Exploits: 0 · References: 1
CVE
added 2026/05/22 1:15 p.m. · 15 views

CVE-2026-8671

CVE-2026-8671: The connected records describe an issue in Syslink Software AG Avantra for Linux and Windows where sensitive information can be inserted into log files, resulting in a resource leak exposure. Affected scope is Avantra older than 25.3.0. The CVSS 3.1 metrics indicate an adjacent at...

7.5 CVSS · 5.8 AI score · 0.00216 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-6147

Malicious code in bioql PyPI...

4.3 CVSS · 6.3 AI score · 0.00298 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 7 views

EUVD-2025-16319

Malicious code in bioql PyPI...

2.7 CVSS · 6.5 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 20 views

EUVD-2022-5499

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00798 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-9526

Malicious code in bioql PyPI...

4.3 CVSS · 6.2 AI score · 0.00361 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-6148

Malicious code in bioql PyPI...

4.3 CVSS · 6.3 AI score · 0.00684 EPSS
Exploits: 0 · References: 2
CNVD
added 2025/06/11 12:00 a.m. · 2 views

Fortinet FortiPortal Log Message Disclosure Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...

2.7 CVSS · 6.6 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/30 8:01 a.m. · 27 views

CVE-2025-46777

An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.7 CVSS · 6.3 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/28 8:15 a.m. · 2 views

CVE-2025-46777

An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.7 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/28 7:56 a.m. · 6 views

CVE-2025-46777

An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.3 CVSS · 6.3 AI score · 0.00209 EPSS
Exploits: 0 · References: 1
CVE
added 2025/05/28 7:56 a.m. · 58 views

CVE-2025-46777

Fortinet FortiPortal is affected by a log information disclosure vulnerability. In FortiPortal versions 7.4.0, 7.2.0–7.2.5, and 7.0.0–7.0.9, an authenticated user with at least read-only admin permissions may cause sensitive data to be written to the system log, allowing viewing of encrypted secr...

2.7 CVSS · 3.4 AI score · 0.00209 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/05/28 12:00 a.m. · 1 views

Fortinet FortiPortal Log Information Disclosure Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...

2.7 CVSS · 6.1 AI score · 0.00209 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/13 12:00 a.m. · 2 views

PT-2025-23069 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.9; Fortinet FortiPortal versions 7.2.0 through 7.2.5; Fortinet FortiPortal version 7.4.0. Description: The issue allows an authenticated attacker with at least read-only admin permissions to view...

2.7 CVSS · 5.7 AI score · 0.00209 EPSS
Exploits: 0 · References: 7
OSV
added 2025/04/04 7:21 a.m. · 9 views

BIT-JENKINS-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3 CVSS · 6.9 AI score · 0.00361 EPSS
Exploits: 0 · References: 2
Snyk
added 2025/04/02 3:31 p.m. · 3 views

Missing Authorization

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the doCreateItem method. A user with Computer/Create permission can copy an agent and thereby access encrypted secrets in its configuration...

5.3 CVSS · 6.8 AI score · 0.00684 EPSS
Exploits: 0 · References: 2
OSV
added 2025/04/02 3:31 p.m. · 0 views

GHSA-WR6W-JXG7-QPFH Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...

4.3 CVSS · 7 AI score · 0.00361 EPSS
Exploits: 0 · References: 3