JFrog Artifactory <6.17.0 - Default Admin Password
JFrog Artifactory prior to 6.17.0 uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise JFrog Artifactory. id: CVE-2019-17444 info: name: Jfrog Artifactory...
JFrog Artifactory 6.7.3 - Admin Login Bypass
JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...
jfrog-cli-2.104.1-1.1 on GA media (moderate)
jfrog-cli-2.104.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10844-1 Rating: moderate Cross-References: CVE-2025-11579 CVSS scores: CVE-2025-11579 SUSE : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-11579 SUSE : 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA...
OPENSUSE-SU-2026:10844-1 jfrog-cli-2.104.1-1.1 on GA media
These are all security issues fixed in the jfrog-cli-2.104.1-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in zest-product (npm)
Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data: os.hostname, username, process.cwd, process.env values, plus shelled-out...
Malicious Package
Overview: @kindo/selfbot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, coder-fips, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner,...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, coder-fips, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner,...
[SECURITY] Fedora 44 Update: jfrog-cli-2.98.0-1.fc44
JFrog CLI is a client that provides a simple interface that automates access to the JFrog products...
Fedora 44 : jfrog-cli (2026-6b87863841)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6b87863841 advisory. Upstream release 2.98.0. https://github.com/jfrog/jfrog-cli/releases/tag/v2.98.0 Resolves the following security issues: CVE-2025-11579 CVE-2025-665...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: chaos-mesh, cerbos, eksctl, flux-source-controller-fips, helm-push, zot, helm-operator, kuma, kube-arangodb-fips, pluto, tw, trivy-fips, zarf-fips, flux, nova-fips, helm-operator-fips, cluster-api-helm-controller-fips, helm-exporter, rancher-fleet, istio,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: zot, extism, podman, rancher-fleet, ipfs-cluster, malcontent, helm-diff-fips, flux-source-watcher, helm, kyverno-fips, spegel-fips, docker-cli-buildx, keda-fips, dex, harbor-fips, azuredisk-csi-fips, dex-fips, kubescape-server-fips, kbld, syft, tekton-chains-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: zot, extism, podman, rancher-fleet, ipfs-cluster, malcontent, helm-diff-fips, flux-source-watcher, helm, kyverno-fips, spegel-fips, docker-cli-buildx, keda-fips, dex, harbor-fips, azuredisk-csi-fips, dex-fips, kubescape-server-fips, kbld, syft, tekton-chains-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner...
CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation...
CVE-2022-0668
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user...
CVE-2022-0573
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data, which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low-privileged authenticated user due to insufficient validation of a...