Jenkins Eggplant Runner Plugin protection mechanism disabled

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration. This disables a protection mechanism of the Java runtime addressing CVE-2016-5597. As of publicatio...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-40084

CVE-2025-40084 affects the Linux kernel’s ksmbd transport_ipc path. The flaw arises when handle_response() reads a 4-byte handle from the payload without verifying that the declared payload size is at least 4 bytes, allowing a malformed or truncated ksmbd.mountd message to cause a read past the p...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

SUSE CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

PT-2025-44318

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description A systemic lack of Cross-Site Request Forgery CSRF token implementation exists. This complete absence of CSRF protections in BLU-IC controllers allows for trivial...

Jenkins plugin Eggplant Runner 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

PT-2026-42470

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the...

Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114

This module introduces an OAuth 2.0 authorization server, which can be configured to protect your Drupal instance with access tokens, or allow clients to request new access tokens and refresh them. The module doesn't sufficiently respect granted scopes, it affects all access checks that are based...

Is Protective DNS Blocking the Wild West?

We perform a passive measurement study investigating how a Protective DNS service might perform in a Research & Education Network serving hundreds of member institutions. Utilizing freely-available DNS blocklists consisting of domain names deemed to be threats, we test hundreds of millions of...

CBP Searched a Record Number of Phones at the US Border Over the Past Year

The total number of US Customs and Border Protection device searches jumped by 17 percent over the 2024 fiscal year, but more invasive forensic searches remain relatively rare...

Why Early Threat Detection Is a Must for Long-Term Business Growth

In cybersecurity, speed isn't just a win — it's a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn't about preventing a breach someday: it's abo...

CVE-2025-40077

CVE-2025-40077 is a Linux kernel/FP (F2FS) related fix: the issue was an overflow risk during a left shift involving folio->index. The described root cause is casting folio->index from pgoff_t to loff_t to prevent overflow, with the correction implemented in f2fs code paths. The connected O...

EUVD-2025-36460

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to use a lock protection mechanism, which could lead to a race condition...

EUVD-2025-36224

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

CVE-2023-49440

AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."...

EUVD-2025-36108

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

CVE-2025-11154

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...