33 matches found
GHSA-WFHP-QGM8-5P5C Jenkins has a build information disclosure vulnerability through Run Parameter
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: High: SECURITY-3669 / CVE-2026-27099, Stored XSS vulnerability in node offline cause description; Medium: SECURITY-3658 / CVE-2026-27100, Build information disclosure vulnerability through Run Parameter...
Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation
Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise critical sections of the client code. Various studies have...
EUVD-2020-7760
Malware in sbrugna...
EUVD-2022-34366
Malicious code in bioql PyPI...
PT-2025-36640
Summary: Atlantis publicly exposes detailed version information on its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. Details: The /statu...
Updated golang packages fix security vulnerabilities
Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. Using the Go toolchain in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands, if said...
CVE-2020-15775
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high-level build information such as project names and build counts over time. This page is incorrectly viewable anonymously...
Fortinet FortiManager Detection Consolidation
Consolidation of Fortinet FortiManager detections. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only include("plugin_feed_info.inc"); if(description)...
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...
SUSE CVE-2017-1000399
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/ID/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...
Design/Logic Flaw
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...
Octopus Deploy Security Vulnerability
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from performing a regular expression denial of service against build information request validation...
PT-2022-14841 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy (affected versions not specified). Description: The issue allows for a Regex Denial of Service targeting the build information request validation. Recommendations: At the moment, there is no information about a newer version that...
Information Disclosure Vulnerability in Multiple Trend Micro Products (CNVD-2021-28319)
Trend Micro OfficeScan XG is a suite of distributed anti-virus software. Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response. Trend Micro Worry-Free Business Security is a suite of enterprise-class information security protection...
CVE-2021-25242
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information...