132 matches found
PT-2025-44295
Name of the Vulnerable Software and Affected Versions: Jenkins Curseforge Publisher Plugin version 1.0 Description: The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...
EUVD-2016-5489
Malware in sbrugna...
EUVD-2016-3165
Malware in sbrugna...
EUVD-2024-38813
Malicious code in bioql PyPI...
EUVD-2022-2231
Malicious code in bioql PyPI...
Credential Exposure
Overview: Affected versions of this package are vulnerable to Credential Exposure in the storage of sensitive data in config.xml files on the controller. An attacker can obtain confidential API keys and encryption keys by gaining Item/Extended Read permission or accessing the controller file syste...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53678
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Juju zip slip vulnerability via authenticated endpoint
Impact Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to...
CVE-2020-2293
Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller...
CVE-2025-31725
Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2025-14516 · Jenkins · Jenkins Stack Hammer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Stack Hammer Plugin versions 1.0.6 and earlier Description: The issue concerns the storage of Stack Hammer API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with Extended Read...
CVE-2025-24514
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-24514
CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...
USN-7149-1 intel-microcode vulnerabilities
Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel® Xeon® processors did not properly restrict access to the memory controller when using Intel® SGX. This may allow a local privileged attacker to further escalate their privileges. (CVE-2024-21820, CVE-2024-23918) It was discovered...
The vulnerability of the RtsPer.sys driver in the Realtek SD card reader software allows a hacker to gain unauthorized access to the DMA controller.
The vulnerability of the RtsPer.sys driver in Realtek’s SD card readers is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the DMA controller...
PT-2024-39032 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...
The vulnerability of Siemens LOGO programmable logic controllers’ software lies in the improper implementation of security functions for the user interface, allowing attackers to gain access to the controller.
The vulnerability of Siemens LOGO programmable logic controllers’ built-in software is related to the incorrect implementation of security functions for the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the controller...