14 matches found
EUVD-2025-23665
Malicious code in bioql PyPI...
EUVD-2025-19625
Malicious code in bioql PyPI...
CVE-2025-54876
The Janssen Project is an open-source identity and access management IAM platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local clicmd.log file. This is fixed in the nightly prerelease...
CVE-2025-54876
The Janssen Project is an open-source identity and access management IAM platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local clicmd.log file. This is fixed in the nightly prerelease...
CVE-2025-54876
The Janssen Project IAM stores passwords in plaintext in the local cli_cmd.log file for versions 1.9.0 and below, creating a confidentiality risk. Root cause: passwords written to a local log. Severity is MEDIUM (CVSS 4.0 base 6.9) per the advisory. Remediation: upgrade to a version later than 1....
CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file
The Janssen Project is an open-source identity and access management IAM platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local clicmd.log file. This is fixed in the nightly prerelease...
CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file
The Janssen Project is an open-source identity and access management IAM platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local clicmd.log file. This is fixed in the nightly prerelease...
PT-2025-32006 · Unknown · Janssen Project
Name of the Vulnerable Software and Affected Versions: Janssen Project versions 1.9.0 and below Description: The Janssen Project, an open-source identity and access management IAM platform, stores passwords in plaintext in the local cli cmd.log file. Recommendations: Update to a version later tha...
CVE-2025-53003 Janssen Config API returns results without scope verification
The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...
CVE-2025-53003
The Janssen Project Config API was vulnerable before version 1.8.0 due to lack of scope verification, exposing information from the IDP (clients, users, scripts, etc.). The issue has been fixed in 1.8.0. A recommended workaround mentioned in the sources is to fork and patch the Config API followi...
CVE-2025-53003 Janssen Config API returns results without scope verification
The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...
CVE-2025-53003 Janssen Config API returns results without scope verification
The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...
Janssen 安全漏洞
Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...
PT-2025-27496 · Gluu Flex +1 · Gluu Flex +1
Name of the Vulnerable Software and Affected Versions: Janssen Project versions prior to 1.8.0 Gluu Flex versions prior to 5.8.0 Description: The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope...