Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch in the type of the get/set function of the sglsgenr variable, which could result in a global...
CVE-2025-0504
CVE-2025-0504 affects Black Duck SCA versions prior to 2025.10.0. The root cause is an overly broad configuration of user role permissions: a scoped Project Manager with Global User Read access could access Project Administrator functionalities that should be inaccessible. Consequence: potential ...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...
Checkmk security vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p16, prior to 2.3.0p41, and all versions 2.2.0 and prior, which stems from the mkinotify plugin creating globally readable and writable files that could lead to unauthorized...
GHSA-X8GM-J36P-FPPF LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Summary: Stored Cross-Site Scripting (XSS) can be achieved by uploading a new background for a custom map. Details: Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger onload. This led to Stored Cross-Site Scripti...
Nextcloud Desktop Client security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions 3.13.1 through...
SQL Injection
librenms/librenms is vulnerable to SQL injection. The vulnerability is due to inadequate input validation in the endpoint POST /search/search=packages within packages.inc.php, allowing a user with global read privileges to execute SQL commands via the package parameter and allows an attacker t...
PT-2024-24590
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0. Description: A SQL injection vulnerability in the POST /search/search=packages endpoint in LibreNMS allows a user with global read privileges to execute SQL commands via the package parameter. This vulnerabilit...
Jenkins Plugin Git server security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-0969 Global read overflow in Z/IP Gateway
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory...
Jenkins Plugin Request Rename Or Delete security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An authorization issue vulnerability exist...
Jenkins XebiaLabs XL Release Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin...
Jenkins Plugin build-metrics security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins build-metrics Plugin version 1.3 and earlier versions are vulnerable t...
Jenkins Plugin requests-plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Plugin requests-plugin version...
CloudBees Jenkins Mercurial Security Feature Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Jenkins Mercurial plugin 2.11...
CloudBees Jenkins Ansible Privilege Permission and Access Control Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Jenkins Ansible plug-in 1.0 a...
CloudBees Jenkins Kubernetes Privilege Permission and Access Control Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A permission and access contr...
CloudBees Jenkins Kubernetes Plugin Access Control Error Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. An access control error...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-17202)
CloudBees Jenkins is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. There is a security vulnerability in...
Unspecified Vulnerability in Mitsubishi Electric smartRTUs and Inea ME-RTUs
Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit (RTU) from Mitsubishi Electric, Japan. Inea ME-RTU is an intelligent communication gateway product from Inea, Slovenia. A security vulnerability exists in Mitsubishi Electric smartRTU version 2.02 and earlier and INEA ME-RTU version...