189 matches found

Snyk
added 2026/03/05 12:20 a.m., 5 views

Directory Traversal

Overview: @backstage/integration provides helpers for managing integrations towards external systems. Affected versions of this package are vulnerable to Directory Traversal via the SCM URL parsing. An attacker can access unauthorized SCM provider API endpoints by supplying specially crafted SCM URLs...

CVSS 5.1, AI score 6.3, EPSS 0.00348
Exploits: 0, References: 2

GitHub Security Blog
added 2026/03/05 12:20 a.m., 6 views

Backstage vulnerable to potential reading of SCM URLs using built in token

Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...

CVSS 2.7, AI score 5.9, EPSS 0.00348
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2026/03/05 12:00 a.m., 5 views

EPSON ESC/POS Access Control Error Vulnerability

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

CVSS 9.8, AI score 5.8, EPSS 0.00447
Exploits: 0, References: 3

Positive Technologies
added 2026/03/05 12:00 a.m., 3 views

PT-2026-23440

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.20.1. Description: Backstage is a framework for building developer portals. A flaw in how Backstage handles SCM URLs within integrations permitted path traversal sequences, even when encoded. This allowed requests t...

CVSS 2.7, AI score 5.8, EPSS 0.00348
Exploits: 0, References: 6

CNNVD
added 2026/01/26 12:00 a.m., 4 views

pnpm post-link vulnerability

PNPM is a package manager developed by the open-source project Pnpm. Prior to version 10.28.2, Pnpm had a backlink vulnerability. This vulnerability stemmed from the use of symbolic links when installing dependencies via file: or git:. Such practices could lead to local data leaks...

CVSS 6.7, AI score 5.8, EPSS 0.00469
Exploits: 1, References: 3

RedhatCVE
added 2025/11/13 9:51 p.m., 9 views

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, AI score 6.6, EPSS 0.00208
Exploits: 0, References: 1

EUVD
added 2025/11/13 12:30 a.m., 3 views

EUVD-2025-150401

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, AI score 6, EPSS 0.00208
Exploits: 0, References: 2

OSV
added 2025/11/12 10:15 p.m., 4 views

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, AI score 5.8, EPSS 0.00208
Exploits: 0, References: 1

NVD
added 2025/11/12 10:15 p.m., 4 views

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, EPSS 0.00208
Exploits: 0, References: 1

CVE
added 2025/11/12 9:19 p.m., 11 views

CVE-2025-33119

CVE-2025-33119 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14. The underlying issue is the improper storage of credentials in configuration files within source control, which an authenticated user can read, leading to potential credential disclosure. The CVSS base score is 6.5 (Medium) w...

CVSS 6.5, AI score 6.1, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/11/12 9:19 p.m., 6 views

CVE-2025-33119 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, EPSS 0.00208
Exploits: 0, References: 1

Vulnrichment
added 2025/11/12 9:19 p.m., 4 views

CVE-2025-33119 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, AI score 6.1, EPSS 0.00208
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/12 12:15 p.m., 4 views

Security Bulletin: IBM QRadar SIEM is affected by improper storage of credentials in configuration files

Summary: IBM QRadar SIEM is affected by improper storage of credentials in configuration files in source control. IBM has addressed the issue in the latest update. Vulnerability Details: CVEID: CVE-2025-33119. DESCRIPTION: IBM QRadar SIEM stores user credentials in configuration files in source contr...

CVSS 6.5, AI score 6.7, EPSS 0.00208
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/11/12 12:00 a.m., 3 views

PT-2025-46718

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 UP14. Description: IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 store user credentials in configuration files within source control. An authenticated user can read these credentials. Recommendations...

CVSS 6.5, AI score 6.5, EPSS 0.00208
Exploits: 0, References: 4

GitHub Security Blog
added 2025/10/29 3:31 p.m., 6 views

Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in several MCP tools. This allows to do the following: - Attackers with Item/Read permission can obtain information about the configured SCM in a job despite lacking Item/Extended Read permission getJobScm...

CVSS 5.4, AI score 6.5, EPSS 0.00218
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-16560

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.01377
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11693

Malware in sbrugna...

CVSS 4.3, AI score 4.7, EPSS 0.00768
Exploits: 2, References: 3

EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2019-7550

Malware in sbrugna...

CVSS 9, AI score 6.4, EPSS 0.0045
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-56860

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.1, EPSS 0.00481
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-2935

Malicious code in bioql PyPI...

CVSS 7.1, AI score 8.7, EPSS 0.00246
Exploits: 0, References: 1