13 matches found

RedhatCVE
added 2026/01/09 12:16 p.m. | 4 views

CVE-2018-1000009

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

8.8 CVSS | 6.7 AI score | 0.00065 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-4815

Malicious code in bioql PyPI...

8.8 CVSS | 8.7 AI score | 0.00065 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2240

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.00314 EPSS
Exploits 0 | References 9

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-26505

Malicious code in bioql PyPI...

5.5 CVSS | 6.4 AI score | 0.00065 EPSS
Exploits 0 | References 1

OSV
added 2025/09/03 10:18 p.m. | 1 view

GHSA-438M-6MHW-HQ5W Mautic vulnerable to secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5 CVSS | 6.9 AI score | 0.00065 EPSS
Exploits 0 | References 5

NVD
added 2025/09/03 2:15 p.m. | 1 view

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5 CVSS | 0.00065 EPSS
Exploits 0 | References 1

OSV
added 2025/09/03 2:15 p.m. | 0 views

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/09/03 1:55 p.m. | 1 view

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5 CVSS | 6.3 AI score | 0.00065 EPSS
Exploits 0 | References 1

Cvelist
added 2025/09/03 1:55 p.m. | 6 views

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5 CVSS | 0.00065 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/09/03 12:0 a.m. | 1 view

PT-2025-35722

Name of the Vulnerable Software and Affected Versions: mautic affected versions not specified Description: A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose...

5.5 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits 0 | References 4

Cvelist
added 2024/10/08 6:14 a.m. | 13 views

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

7 CVSS | 0.00027 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/10/08 6:14 a.m. | 10 views

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

7 CVSS | 7.1 AI score | 0.00027 EPSS
Exploits 0 | References 1

Cvelist
added 2024/07/19 7:58 p.m. | 10 views

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

7.5 CVSS | 0.00314 EPSS
Exploits 0 | References 5