CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

EUVD-2018-3480

Malware in sbrugna...

EUVD-2021-26269

Malware in sbrugna...

EUVD-2017-0218

Malware in sbrugna...

EUVD-2025-23852

Malicious code in bioql PyPI...

EUVD-2022-3637

Malicious code in bioql PyPI...

EUVD-2022-3655

Malicious code in bioql PyPI...

EUVD-2022-3572

Malicious code in bioql PyPI...

EUVD-2022-3573

Malicious code in bioql PyPI...

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sysauth$pic, 1 function, which utilizes a hard-coded key McEncryptionKey bD2voYwPpNuJ7B8, defined in the...

CVE-2022-38708

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack SSRF attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180...

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

CVE-2018-1000196

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...

BIT-GITLAB-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the insertion of sensitive information into log file which allows an attacker with local file system access to obtain system root-level privileges...

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...

GHSA-CG6Q-GP23-VWX8 Jenkins Crowd 2 Integration Plugin stored credentials in plain text

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...

Jenkins Crowd 2 Integration Plugin stored credentials in plain text

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...

GitLab < 14.2.6 (CVE-2021-39913)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...