80 matches found
[SECURITY] Fedora 42 Update: munge-0.5.18-1.fc42
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...
EUVD-2024-25196
Malicious code in bioql PyPI...
EUVD-2022-2382
Malicious code in bioql PyPI...
EUVD-2022-6009
Malicious code in bioql PyPI...
EUVD-2022-2338
Malicious code in bioql PyPI...
CVE-2025-47889
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...
CVE-2025-47889
CVE-2025-47889 affects Jenkins WSO2 Oauth Plugin 1.0 and earlier. The root cause is that authentication claims are accepted without validation by the WSO2 Oauth security realm, enabling unauthenticated logins with any username/password (including non-existent usernames). This can grant accessed c...
PT-2025-21242 · Jenkins · Jenkins Wso2 Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier. Description: The issue allows unauthenticated attackers to log in to controllers using the "WSO2 Oauth" security realm with any username and any password, including usernames that do not exis...
CVE-2024-28022
A vulnerability exists in the UNEM server / APIGateway that, if exploited, allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...
BIT-JENKINS-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set...
GHSA-P4WR-9WFM-F9JW Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Jenkins SAML Single Sign On(SSO) Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm (Java Object#toString()), which potentially includes sensitive...
CVE-2023-37945
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm...
Information disclosure
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm...
Oracle Database 19c Access Bypass Vulnerability
Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...
SUSE CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
GHSA-5XPC-C4XV-7W62 Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...