CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...

Multiple vulnerabilities detected in PostgreSQL

Multiple PostgreSQL vulnerability updates CVE-2025-1094-PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2024-10979-PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10978-PostgreSQL SET ROLE, SET SESSION AUTHORIZATI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Overview tab error message handling process. An attacker can execute arbitrary JavaScript code in the context of the affected user's browser by injecting malicious payloads into error messages that are...

CVE-2025-27451 CVE-2025-27451

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from an error message discrepancy that can be exploited by an attacker to cause username enumeratio...

PT-2025-27780 · Endress+Hauser · Endress+Hauser Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue arises from the application's behavior of returning different error messages for failed login attempts, depending on whether the failure was due to an incorrect password or a...

infinispan: Credential Leakage in Infinispan CLI

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVE-2025-6700

A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. Mitigation Currently, no mitigation is available for this...

Xuxueli XXL-SSO Cross-site Scripting vulnerability

A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. Details Cross-site...

PT-2025-27013 · Unknown · Infinispan Cli

Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...

xxl-sso 安全漏洞

xxl-sso is a distributed single sign-on framework by the individual developer Xu Xueli. A security vulnerability exists in xxl-sso version 1.1.0, which is caused by incorrect operation of the errorMsg parameter in the file /xxl-sso-server/login, resulting in a cross-site scripting attack...

CVE-2025-6551

A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated...

Hope-Boot 安全漏洞

Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. A security vulnerability exists in Hope-Boot version 1.0.0, which stems from the mishandling of the parameter errorMsg by the Login function in WebController.java, which could lead to a cross-site scripting attack...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Error handling has been added for the brcmfusbdlwriteimage function. The brcmfusbdlcmd function calls brcmf80211writeimage, but it does not check its return value. If the brcmfusbdlcmd function fails, the...

Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues: CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. bsc1240071 Non-security fixes: Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. bsc1231656, bsc1234763 Patc...