19 matches found
CVE-2026-1063
A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...
CVE-2026-1063
The vulnerability CVE-2026-1063 affects Bastillion (Bastillion up to 4.0.1) in the Public Key Management System. The issue involves manipulation in src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java that enables command injection. Attack is described as executable remotely and publicly ...
Bastillion command injection vulnerability
Bastillion is an open-source key management tool developed by bastillion-io. Versions of Bastillion 4.0.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from incorrect operations on the Public Key Management System component in the file...
EUVD-2025-20846
Malicious code in bioql PyPI...
CVE-2025-53668
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53669
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
GHSA-8GP3-M447-GW2V Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
GHSA-MR49-VMP6-2PWQ Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53668
The CVE concerns Jenkins VAddy Plugin prior to 1.2.9. The plugin stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, enabling access by users with Item/Extended Read permission or anyone with filesystem access to the controller. The root cause is unencrypted ...
CVE-2025-53669
CVE-2025-53669 affects the Jenkins VAddy Plugin (versions 1.2.8 and earlier). The vulnerability arises because Vaddy API Auth Keys are displayed on the job configuration form without masking, enabling potential observers to view or capture them. Impact is exposure of sensitive API keys, as descri...
PT-2025-28921 · Jenkins · Jenkins Vaddy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions 1.2.8 and earlier Description: The Jenkins VAddy Plugin does not mask Vaddy API Auth Keys displayed on the job configuration form, potentially allowing attackers to observe and capture them. Recommendations: Upda...
CVE-2021-24649
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption. This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant via...