Lucene search
K

1120 matches found

NVD
NVD
added 2026/01/13 8:16 p.m.11 views

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS0.00128EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 8:16 p.m.22 views

CVE-2025-68702

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 8:16 p.m.30 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

8.7CVSS0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 8:16 p.m.10 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 8:16 p.m.8 views

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

6.9CVSS0.00128EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 7:30 p.m.19 views

CVE-2025-68925

Summary (CVE-2025-68925): Jervis (net.gleske:jervis) is vulnerable prior to version 2.2 due to a JWT header check omission that fails to enforce the algorithm field (alg) to RS256. The issue allows potential JWT forgery or signature bypass depending on context, as described in multiple sources (e...

6.9CVSS6.7AI score0.00128EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/13 7:21 p.m.27 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 7:16 p.m.10 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2493

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.9AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2497

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.8AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2494

CVE-2025-68701 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. Thi… https://t.co/yRJFluABgT...

8.7CVSS6.9AI score0.00202EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.11 views

CVE-2020-24578

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...

6.5CVSS7.1AI score0.01848EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/06 12:30 a.m.6 views

EUVD-2026-0944

Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code...

9.3CVSS8.6AI score0.00964EPSS
Exploits0References3
CVE
CVE
added 2026/01/05 9:14 p.m.49 views

CVE-2026-0625

CVE-2026-0625 affects multiple D-Link DSL gateway devices (e.g., DSL-2740R, DSL-2640B, DSL-2780B, DSL-526B). The dnscfg.cgi endpoint permits an unauthenticated remote command injection due to improper sanitization, enabling arbitrary shell commands execution and DNS configuration modification wit...

9.3CVSS7.1AI score0.00964EPSS
In wildExploits0References4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.12 views

PT-2026-1338

Name of the Vulnerable Software and Affected Versions D-Link DSL-2640B versions ≤ 1.07 D-Link DSL-2740R versions 1.17 D-Link DSL-2780B versions ≤ 1.01.14 D-Link DSL-526B versions ≤ 2.01 D-Link DSL gateway devices affected versions not specified Description A critical remote code execution RCE...

9.3CVSS6.8AI score0.00964EPSS
Exploits0References72
CVE
CVE
added 2025/12/22 9:35 p.m.15 views

CVE-2023-53974

Affected software: D-Link DSL-124 ME, firmware 1.00. A configuration file disclosure vulnerability allows unauthenticated attackers to download a full backup containing network credentials and configurations via a crafted POST to the router’s configuration endpoint. Root cause: endpoint misconfig...

8.8CVSS6.5AI score0.00448EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.5 views

D-Link DSL-124 访问控制错误漏洞

The D-Link DSL-124 is an optical cat routing all-in-one from China AUO D-Link. An access control error vulnerability exists in the D-Link DSL-124 ME1.00 version, which stems from a configuration file disclosure issue that could allow an unauthenticated attacker to obtain router settings via a POS...

8.8CVSS6.7AI score0.00448EPSS
Exploits1References4
Spring Security Advisories
Spring Security Advisories
added 2025/12/09 12:0 a.m.12 views

This Week in Spring - December 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in lovely New Jersey, the Garden State , as I write this and I spent most of the last week in New Orleans. It's been a busy week in the Spring community and beyond and so you know what that means? There's a ton of stuff ...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/11/13 2:9 a.m.12 views

CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information...

9.3CVSS0.00862EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/13 2:9 a.m.3 views

CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information...

9.3CVSS7AI score0.00862EPSS
Exploits0References1
Rows per page
Query Builder