Lucene search

17 matches found

Vulnrichment
added 2026/05/08 1:00 p.m. · 7 views

CVE-2026-41161 Username Enumeration via Timing Attack

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVSS 6.9 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 13 views

EUVD-2025-20846

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00203
Exploits 0 · References 3
RedhatCVE
added 2025/07/11 3:42 p.m. · 15 views

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 7 · EPSS 0.00203
Exploits 0 · References 1
RedhatCVE
added 2025/07/11 3:42 p.m. · 13 views

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 · AI score 7.1 · EPSS 0.00218
Exploits 0 · References 1
Github Security Blog
added 2025/07/09 6:30 p.m. · 9 views

Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 · AI score 6.2 · EPSS 0.00218
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/07/09 6:30 p.m. · 3 views

GHSA-8GP3-M447-GW2V Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 · AI score 6.1 · EPSS 0.00218
Exploits 0 · References 4
OSV
added 2025/07/09 6:30 p.m. · 3 views

GHSA-MR49-VMP6-2PWQ Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 6.1 · EPSS 0.00203
Exploits 0 · References 4
Github Security Blog
added 2025/07/09 6:30 p.m. · 8 views

Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.9 · EPSS 0.00203
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/07/09 4:15 p.m. · 25 views

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 · EPSS 0.00218
Exploits 0 · References 2
NVD
added 2025/07/09 4:15 p.m. · 27 views

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00203
Exploits 0 · References 2
CVE
added 2025/07/09 3:39 p.m. · 21 views

CVE-2025-53669

CVE-2025-53669 affects the Jenkins VAddy Plugin (versions 1.2.8 and earlier). The vulnerability arises because Vaddy API Auth Keys are displayed on the job configuration form without masking, enabling potential observers to view or capture them. Impact is exposure of sensitive API keys, as descri...

CVSS 4.3 · AI score 6.5 · EPSS 0.00218
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/07/09 3:39 p.m. · 21 views

CVE-2025-53668

The CVE concerns Jenkins VAddy Plugin prior to 1.2.9. The plugin stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, enabling access by users with Item/Extended Read permission or anyone with filesystem access to the controller. The root cause is unencrypted ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00203
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/07/09 3:39 p.m. · 28 views

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00203
Exploits 0 · References 1
Cvelist
added 2025/07/09 3:39 p.m. · 28 views

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

EPSS 0.00218
Exploits 0 · References 1
Positive Technologies
added 2025/07/09 12:00 a.m. · 1 view

PT-2025-28921 · Jenkins · Jenkins Vaddy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions 1.2.8 and earlier
Description: The Jenkins VAddy Plugin does not mask Vaddy API Auth Keys displayed on the job configuration form, potentially allowing attackers to observe and capture them.
Recommendations: Upda...

CVSS 4.3 · AI score 6.1 · EPSS 0.00218
Exploits 0 · References 8
CVE
added 2024/05/03 2:14 a.m. · 85 views

CVE-2023-50211

The CVE-2023-50211 entry concerns D-Link G416 routers. The vulnerability is a stack-based buffer overflow in the httpd API-AUTH Timestamp Processing function, triggered by insufficient validation of the length of user-supplied data copied into a fixed-length stack buffer. Impact is remote code ex...

CVSS 8.8 · AI score 9 · EPSS 0.00637
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/07/31 2:15 p.m. · 2 views

CVE-2023-34644

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW3.01B11P204, RG-NBS and RG-S1930 series switches SWITCH3.01B11P218, RG-EG series business VPN routers EG3.01B11P216, EAP and RAP series wireless access points AP3.01B11P218, NBC series wirele...

CVSS 9.8 · AI score 6.3 · EPSS 0.01523
Exploits 0 · References 2