EUVD-2022-3653

Malicious code in bioql PyPI...

EUVD-2022-3300

Malicious code in bioql PyPI...

EUVD-2023-1546

Malicious code in bioql PyPI...

EUVD-2022-2484

Malicious code in bioql PyPI...

EUVD-2022-2516

Malicious code in bioql PyPI...

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...

CVE-2019-1003097

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2017-1000245

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...

CVE-2019-1003095

Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2018-1999028

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include an information leak that allows malicious users with View Only Admin privileges to potentially read the login credentials of integrated VMware products. In addition, there is a stored cross-site scripting...

CVE-2025-22222

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known...

PT-2025-4398 · Vmware · Vmware Aria Operations

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations affected versions not specified Description: The issue is related to an information disclosure vulnerability in VMware Aria Operations. A malicious user with non-administrative privileges may exploit this vulnerability ...

VMware Aria Operations 安全漏洞

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid, and multi-cloud environments from VMware. A security vulnerability exists in VMware Aria Operations. An attacker could exploit the vulnerability to retrieve plug-in credentials...

CVE-2020-2309

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

Command injection

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

CVE-2019-10467

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...