92 matches found
CVE-2026-10528
Orthanc DICOM Server (
EUVD-2026-33854
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Sensitive Information Disclosure
Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...
EUVD-2022-1003
Malicious code in bioql PyPI...
EUVD-2022-4887
Malicious code in bioql PyPI...
EUVD-2022-6349
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-20165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilstitemRead in...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of credentials in config.xml files. An attacker can obtain sensitive information by accessing these files either through the Jenkins controller file system or by having Item/Extended Read permission...
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...
CVE-2020-19488
An issue was discovered in boxcodeapple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilstitemRead...
CVE-2019-1003045
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...
CVE-2017-1000105
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted
Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of this...
GHSA-MR9J-QQJH-67F2 Jenkins Subversion Partial Release Manager Plugin missing permission check
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
Sensitive Information Exposure
jenkins-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to the fitsSearchBuildVariables method in HistoryPageFilter.java. This method handles all build variables the same way without considering it's sensitivity which can lead attackers with Item/Read permission to...