PT-2026-38330

Name of the Vulnerable Software and Affected Versions Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0...

What Is Exposure Management? A Modern Guide

Attackers don't just look for a single high-severity vulnerability; they look for a path of least resistance. They connect the dots between a misconfigured cloud service, an exposed credential, and an unpatched server to reach their goal. To build a strong defense, you need to see your environmen...

Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)

Elasticsearch yawkat LZ4 Java - CVE-2025-66566 ESA-2026-07 An Information Disclosure vulnerability CVE-2025-66566 exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...

CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

CVE-2025-64132

CVE-2025-64132 affects Jenkins MCP Server Plugin versions up to 0.84.v50ca_24ef83f2 and earlier. The root cause is missing permission checks in multiple MCP tools, allowing attackers to trigger builds and view information about jobs and cloud configuration that should be restricted. Publicly docu...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

EUVD-2021-31449

Malicious code in bioql PyPI...

EUVD-2021-31448

Malicious code in bioql PyPI...

EUVD-2021-31450

Malicious code in bioql PyPI...

JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2025-13586)

JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from mishandling of an exception that results in the disclosure of credentials on the cloud...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from mishandling of an exception that results in the disclosure of credentials on the cloud...

Dango-Translator Command Injection Vulnerability

Dango-Translator is an OCR-based raw meat translation software by the individual developer of Fatty Duanzi PantsuDango. A security vulnerability exists in Dango-Translator version 4.5.5, which stems from a Remote Command Execution RCE vulnerability in the component app/config/cloudconfig.json...

Common Cloud Configuration Errors & Fixes

Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...

Common Cloud-Native Security Misconfigurations & Fixes

Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...

DLL Hijacking Vulnerability in Haiwell's Cloud SCADA Cloud Configuration Software

Haiwell Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform software developed by Xiamen Haiwell Technology Co. A DLL hijacking vulnerability exists in Haiwell Cloud SCADA. An attacker can exploit this vulnerability to load a malicious d...

Code Execution Vulnerability in Haiwell's Cloud Configuration Software Cloud SCADA

Haiwell Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform software developed by Xiamen Haiwell Technology Co. A code execution vulnerability exists in Haiwell Cloud SCADA, which can be exploited by an attacker to execute arbitrary code...

Arbitrary File Deletion Vulnerability in Haiwell's Cloud Configuration Software Cloud SCADA

Haiwell Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform software developed by Xiamen Haiwell Technology Co. Haiwell Haiwei Cloud SCADA configuration software Cloud SCADA arbitrary file deletion vulnerability, an attacker can exploit...

Arbitrary File Download Vulnerability in Haiwell SCADA

Haiwei Cloud Configuration Software is an industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co. An arbitrary file download vulnerability exists in Haiwell SCADA, which can be exploited by attackers to obtain sensitive information about the...

Hardcoded Credential Authorization Bypass Vulnerability in Haiwell SCADA

Haiwei Cloud Configuration Software is an industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co. A hard-coded credential authorization bypass vulnerability exists in Haiwell SCADA, which can be exploited by an attacker to obtain sensitive...