1858 matches found
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2024-49731
CVE-2024-49731 affects Wear OS on Pixel Watch during setup, where a logic error in apk-versions.txt can corrupt telemetry opt-in settings on other watches. Impact stated: local privilege escalation without additional execution privileges; user interaction is required to exploit. Documents consist...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
PT-2025-36084
Name of the Vulnerable Software and Affected Versions: Pixel Watch affected versions not specified Description: A logic error in the code may lead to corruption of telemetry opt-in settings on other watches during the setup of a new Pixel Watch. This could result in local escalation of privilege...
io.jenkins.plugins:junit-sql-storage (>=322.ve33b_238fb_757 <=324.v90e2a_a_a_a_0dd7) potentially affected by CVE-2025-58460 via io.jenkins.plugins:opentelemetry (=3.1215.vc9db_a_0b_34c2a_)
io.jenkins.plugins:opentelemetry MAVEN version =3.1215.vc9dba0b34c2a is affected by a known vulnerability. The following packages have a transitive dependency on io.jenkins.plugins:opentelemetry and may be impacted: - io.jenkins.plugins:junit-sql-storage =322.ve33b238fb757, =324.v90e2aaaa0dd7...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
MAL-2025-46933 Malicious code in monolith-twirp-modelsgateway-telemetry (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 62052c32a08bc8af05a1012fc5a5e9b63a09eea906ff0affeeef77f4604b70ec The OpenSSF Package Analysis project identified 'monolith-twirp-modelsgateway-telemetry' @ 1.0.0 rubygems as malicious. It is considered malicio...
GHSA-8F82-53H8-2P34 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector, vault...
CVE-2025-20262
CVE-2025-20262 affects Cisco Nexus 3000/9000 NX-OS standalone in PIM6. The issue arises from improper processing of PIM6 ephemeral data queries, allowing an authenticated, low-privileged remote attacker to crash the PIM6 process and cause DoS via adjacency flaps and DoS of PIM6/ephemeral query pr...
CVE-2025-20262 Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability
A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...
Embeded Malicious Code
Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embeded Malicious Code throug...
PT-2025-34888 · Cisco · Cisco Nexus 3000 Series Switches +1
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3000 Series Switches Cisco Nexus 9000 Series Switches Description: A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature could allow an authenticated, low-privileged, remote attacker to trigger a crash of th...
CVE-2025-55443
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...
CVE-2025-55443
Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...