33 matches found
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16542
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
EUVD-2025-24558
Malicious code in bioql PyPI...
EUVD-2022-3653
Malicious code in bioql PyPI...
EUVD-2022-4836
Malicious code in bioql PyPI...
PT-2025-34192 · Undefined · Undefined
New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...
CVE-2025-54156
The Sante PACS Server Web Portal sends credential information without encryption...
PT-2025-33701 · Unknown · Sante Pacs Server Web Portal Dcm
Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal affected versions not specified Description: The Sante PACS Server Web Portal transmits credential information without encryption. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-54464
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...
CVE-2025-54464
The CVE-2025-54464 entry concerns ZKTeco WL20. The vulnerability is described as cleartext storage of admin and user credentials within the device firmware. An attacker with physical access could extract the firmware, reverse‑engineer the binary data, and obtain unencrypted credentials, impacting...
CVE-2019-16543
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003097
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10420
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003095
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
SUSE CVE-2017-1000387
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...
PT-2020-15336 · Jenkins · Jenkins Bmc Release Package/Deployment Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BMC Release Package and Deployment Plugin versions 1.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to t...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10467
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11854 · Jenkins · Jenkins Bitbucket Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.9 and earlier Jenkins Bitbucket OAuth Plugin prior to 0.10 Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkin...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...