101 matches found
PT-2026-49086
🔒 Security patch out for API Platform Core CVE-2026-54164: a type-confusion bug let writable relations accept a wrong-type IRI. Upgrade to 4.1.30 / 4.2.26 / 4.3.12+. Details: https://t.co/zRkVBEfHqh...
PT-2026-46233
🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...
CVE-2026-9808
An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...
CVE-2025-23204
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to security, the impact is there only when...
EUVD-2019-0695
Malware in sbrugna...
EUVD-2025-7991
Malicious code in bioql PyPI...
EUVD-2024-47149
Malicious code in bioql PyPI...
EUVD-2024-27740
Malicious code in bioql PyPI...
EUVD-2024-46488
Malicious code in bioql PyPI...
EUVD-2024-32497
Malicious code in bioql PyPI...
EUVD-2025-9735
Malicious code in bioql PyPI...
EUVD-2025-9737
Malicious code in bioql PyPI...
EUVD-2023-0802
Malicious code in bioql PyPI...
The vulnerability of the Sensedia API Platform Tools for Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Sensedia Api Platform tools for Jenkins servers relates to the storage of tokens in an unencrypted form within the file com.sensedia.configuration.SensediaApiConfiguration.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
The vulnerability of the Sensedia API Platform Tools for Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Sensedia Api Platform tools for Jenkins servers relates to the storage of tokens in an unencrypted form within the file com.sensedia.configuration.SensediaApiConfiguration.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
CVE-2025-53673
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file com.sensedia.configuration.SensediaApiConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with acce...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the global configuration form where the integration token is not properly masked. An attacker can obtain sensitive authentication credentials by viewing the configuration interface. Remediation...
CVE-2025-53674
Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53673
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...