5448 matches found
CVE-2025-31721
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...
PT-2025-14511 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.503 and earlier; Jenkins LTS versions 2.492.2 and earlier. Description: A missing permission check in Jenkins allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gainin...
Jenkins LTS < 2.492.3 / Jenkins weekly < 2.504 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.3 or Jenkins weekly prior to 2.504. It is, therefore, affected by multiple vulnerabilities: - A missing permission check in Jenkins 2.503 and earlier, LTS 2.492...
SignalGate Is Driving the Most US Downloads of Signal Ever
Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”...
Oops! Google accidentally deletes some users’ Maps Timeline data
Google has admitted it accidentally deleted some users' Google Maps Timeline data after a "technical issue". As reported by Forbes on March 11, users started noticing that their Google Maps Timelines had completely disappeared. At the time, we didn't know anything about the cause of this issue...
CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP
The SIMPLE.ERP client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...
SIMPLE.ERP Security Vulnerability
SIMPLE.ERP is an e-commerce platform from SIMPLE, Inc. A security vulnerability exists in SIMPLE.ERP versions 6.20 through 6.30, which stems from an MS SQL protocol downgrade request that may result in unencrypted communication that is susceptible to data interception and modification...
Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)
Summary: The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...
CVE-2025-25042
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized acce...
H2O Security Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a custom encryption tool endpoint that does not restrict encrypted files, potentially leading to ransomware behavior...
The vulnerability of the MotW mechanism in Windows operating systems allows attackers to circumvent existing security restrictions and gain access to encrypted data.
The vulnerability of the MotW mechanism in Windows operating systems is related to a breach of data protection mechanisms. Exploiting this vulnerability allows attackers to circumvent existing security restrictions and gain access to encrypted data...
The vulnerability of TP-Link Tapo C500 Wi-Fi cameras, which stems from the use of a hard-coded cryptographic key, allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of TP-Link Tapo C500 Wi-Fi cameras lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack...
CVE-2024-40585
An insertion of sensitive information into log file vulnerabilities CWE-532 in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, versio...
CVE-2024-40590
An improper certificate validation vulnerability CWE-295 in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a...
CVE-2024-40590
CVE-2024-40590 describes an improper certificate validation (CWE-295) in FortiPortal. Affected are FortiPortal versions 7.4.0, 7.2.4 and below, 7.0.8 and below, and 6.0.15 and below when connecting to a FortiManager device, FortiAnalyzer device, or an SMTP server. This allows an unauthenticated a...
Fortinet FortiManager and Fortinet FortiAnalyzer Log Information Disclosure Vulnerability
Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...