CVE-2025-28886
Cross-Site Request Forgery CSRF vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 5.1.2...
CVE-2025-27494
A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions < V6.4.9, SiPass integrated ACC-AP All versions < V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...
WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin REST API TO MiniProgram versions <= 5.1.2...
CVE-2025-28886
CVE-2025-28886 : A CSRF vulnerability in the WordPress plugin REST API TO MiniProgram affects the REST API TO MiniProgram plugin (versions up to 4.7.1; WordPress records also reference up to 5.1.2). The issue enables Cross-Site Request Forgery, enabling an attacker to cause the application to per...
CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 5.1.2...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
CVE-2025-27494
CVE-2025-27494 affects Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP with all versions before V6.4.9. The issue stems from improper input sanitization at the REST API’s pubkey endpoint, enabling an authenticated remote administrator to inject commands that run with root privileges. Connect...
PT-2025-10746 · Unknown · Sipass Integrated Acc-Ap +1
Name of the Vulnerable Software and Affected Versions: SiPass integrated AC5102 ACC-G2 versions prior to V6.4.9 SiPass integrated ACC-AP versions prior to V6.4.9 Description: A vulnerability has been identified where affected devices improperly sanitize input for the "pubkey" endpoint of the REST...
BIT-JENKINS-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
BIT-JENKINS-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2025-27623
A flaw was found in Jenkins. Affected versions of Jenkins do not redact encrypted values of secrets when accessing the config.xml of views via REST API or CLI. This flaw allows attackers with view/read permission to view encrypted values of secrets...
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...
GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper redaction of encrypted values in config.xml when accessed via REST API or CLI. An attacker with View/Read...